[Tickets #13730] Re: Implementation of peer verification in TLS connections
noreply at bugs.horde.org
noreply at bugs.horde.org
Mon Jan 19 15:08:27 UTC 2015
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: https://bugs.horde.org/ticket/13730
------------------------------------------------------------------------------
Ticket | 13730
Aktualisiert Von | rb at stylite.de <rb at stylite.de>
Zusammenfassung | Implementation of peer verification in TLS connections
Warteschlange | Horde Framework Packages
Typ | Enhancement
Status | New
Priorität | 1. Low
Milestone |
Patch | 1
Zuständige |
------------------------------------------------------------------------------
m_horde at secure.mailbox.org (2014-12-26 00:44) hat geschrieben:
On my server I need the peer verification to connect to a remote IMAP
server. Therefore I focused my effort on that. To avoid using $GLOBALS
I moved all configuration options in the backend config of IMP. This
way every backend can be configured seperately.
=== How does it work? ===
There is a new array in the backend config file named "tls_params".
This stores all necessary information for the TLS connection. Please
refer to the documentation in backends.conf for details. The involved
libraries are modified to pass tls_params to Socket Client, where they
are used to create the SSL context. A new feature is the fingerprint
check. This cannot be done directly by setting the SSL context,
because the encryption is enabled after the socket is created.
Therefore this check has to be done seperatly after the starttls
command.
=== Benefits ===
Peer verification with a trusted bundle of certificate authorities can
be enabled for remote IMAP servers. Further the connection can be
limited to a specified certificate by its fingerprint.
=== Regressions ===
There are no regression I am aware of. As long as the new
configuration array (tls_params) is not used, the library will work as
usually.
m_horde at secure.mailbox.org (2014-12-26 00:44) hat hochgeladen:
0001-Implementation-of-peer-verification-in-TLS-connectio[2].patch
https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=0001-Implementation-of-peer-verification-in-TLS-connectio%5B2%5D.patch&ticket=13730&fn=%2F0001-Implementation-of-peer-verification-in-TLS-connectio%5B2%5D.patch
More information about the bugs
mailing list