[Tickets #13730] Re: Implementation of peer verification in TLS connections
noreply at bugs.horde.org
Fri Mar 13 16:05:01 UTC 2015
DO NOT REPLY TO THIS MESSAGE. MESSAGES SENT TO THIS
E-MAIL ADDRESS ARE NOT READ.
Ticket-URL: https://bugs.horde.org/ticket/13730
------------------------------------------------------------------------------
Ticket | 13730
Updated By | m_horde at secure.mailbox.org
Summary | Implementation of peer verification in TLS connections
Queue | Horde Framework Packages
Type | Enhancement
Status | Feedback
Priority | 1. Low
Milestone |
Patch | 1
Owners |
+New Attachment |
0001-Implementation-of-peer-verification-in-TLS-connectio.patch
------------------------------------------------------------------------------
m_horde at secure.mailbox.org (2015-03-13 16:05) wrote:
I updated my patch to use the context parameter. The patch works
mainly the same way it did before. However, the logic to create the
context array was moved to /imp/lib/Imap.php.
The pinning of a certificate by its fingerprint cannot be done with
the context parameter of Socket/Client, because the server certificate
is not available when the connection is established. It becomes
available when the starttls command is sent. Therefore I added the
items "sha1", "md5" and "sha256" to the array $params in Client.php.
These will be used to check the certificate fingerprints during TLS
handshake.
m_horde at secure.mailbox.org (2015-03-13 16:05) uploaded:
0001-Implementation-of-peer-verification-in-TLS-connectio[3].patch
https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=0001-Implementation-of-peer-verification-in-TLS-connectio%5B3%5D.patch&ticket=13730&fn=%2F0001-Implementation-of-peer-verification-in-TLS-connectio%5B3%5D.patch
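
The fingerprint check described in the comment above, sketched as an added example; it is not the code from the attached patch or from Horde. The function names are hypothetical, `$pins` mirrors the "sha1", "md5" and "sha256" items named in the ticket, and PHP 5.6 or later with the openssl extension is assumed.

```php
<?php
// Added example, not taken from the ticket's patch. Function names are hypothetical.
// Compare a captured peer certificate against every configured pin.
function check_pinned_fingerprints($cert, array $pins)
{
    $checked = 0;
    foreach (array('sha256', 'sha1', 'md5') as $algo) {
        if (empty($pins[$algo])) {
            continue; // no pin configured for this digest
        }
        // Accept "AA:BB:..." or "aabb..." and normalise to lowercase hex.
        $want = strtolower(preg_replace('/[^0-9a-fA-F]/', '', $pins[$algo]));
        $have = openssl_x509_fingerprint($cert, $algo);
        // hash_equals() compares in constant time; any mismatch rejects the peer.
        if ($have === false || !hash_equals($have, $want)) {
            return false;
        }
        $checked++;
    }
    return $checked > 0; // fail closed when the caller supplied no pin at all
}

// Upgrade an already connected plaintext stream (after the server accepted
// STARTTLS) and verify the pins. The certificate only exists at this point,
// so the check has to run after the handshake, not at connect time.
function starttls_with_pins($stream, array $pins)
{
    stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
    if (stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        return false;
    }
    $params = stream_context_get_params($stream);
    if (empty($params['options']['ssl']['peer_certificate'])) {
        return false;
    }
    return check_pinned_fingerprints($params['options']['ssl']['peer_certificate'], $pins);
}

// Constructed sample: a throwaway self-signed certificate stands in for the
// server certificate so the comparison can be exercised offline.
$key  = openssl_pkey_new(array('private_key_bits' => 2048));
$csr  = openssl_csr_new(array('commonName' => 'imap.example.test'), $key);
$cert = openssl_csr_sign($csr, null, $key, 1);

$good = array('sha256' => strtoupper(openssl_x509_fingerprint($cert, 'sha256')));
$bad  = array('sha256' => str_repeat('00', 32));
var_dump(check_pinned_fingerprints($cert, $good));
var_dump(check_pinned_fingerprints($cert, $bad));
```

When several pins are configured, this sketch requires all of them to match, so a weak md5 or sha1 pin cannot on its own override a sha256 mismatch.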