[PATCH] client certificates for TLS
Duncan Gibb
duncan.gibb at siriusit.co.uk
Sat Apr 25 11:36:30 EDT 2009
Hello
I've updated my backend client certificates patch to work with 2.3.14.
Attached and at https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3133
I doing so, I added a few checks in the new MITM attack detection code
because the client segfaults if the server initially gives an empty mech
list (ie it wants the client to STARTTLS before offering EXTERNAL).
Also, I set mupdate_protocol.tls_cmd.auto_capa because the client needs
to re-parse the banner after STARTTLS to pick up EXTERNAL when using a
client cert. I think this is harmless, and I know it's useless without
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3119
Cheers
Duncan
--
Duncan Gibb - Technical Director
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk/ || t: +44 870 608 0063
Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mainline_backend-client-certs_2-3-14.patch
Type: text/x-diff
Size: 5279 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20090425/48398816/attachment.bin
More information about the Cyrus-devel
mailing list