[PATCH] client certificates for TLS

Duncan Gibb duncan.gibb at siriusit.co.uk
Sat Apr 25 11:36:30 EDT 2009


I've updated my backend client certificates patch to work with 2.3.14.
Attached and at https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3133

I doing so, I added a few checks in the new MITM attack detection code
because the client segfaults if the server initially gives an empty mech
list (ie it wants the client to STARTTLS before offering EXTERNAL).

Also, I set mupdate_protocol.tls_cmd.auto_capa because the client needs
to re-parse the banner after STARTTLS to pick up EXTERNAL when using a
client cert.  I think this is harmless, and I know it's useless without



Duncan Gibb - Technical Director
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk/ || t: +44 870 608 0063
Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mainline_backend-client-certs_2-3-14.patch
Type: text/x-diff
Size: 5279 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20090425/48398816/attachment.bin 

More information about the Cyrus-devel mailing list