|Summary:||Add support for some SSL options to spamc and spamd|
|Product:||Spamassassin||Reporter:||Sidney Markowitz <sidney>|
|Component:||spamc/spamd||Assignee:||SpamAssassin Developer Mailing List <dev>|
|Version:||SVN Trunk (Latest Devel Version)|
Description Sidney Markowitz 2004-07-08 21:11:41 UTC
spamd and spamc make only minimal use of SSL, encrypting the data to protect against eavesdropping on the network. It does not check that the host name of the server matches the certificate that is presented, and it does not make use of a list of trusted root certificates, which are two ways that the client can verify that it is talking to the authorized server. It does not allow for use of a client side certificate that would authenticate spamc to the server. OpenSSL can support these functions, but it would require adding options to spamc and spamd to specify their use. The limitations in the support of SSL should be documented, along with the suggestion that using a VPN may be a satsifactory workaround. It may be enough to just document the lack of what we are not willing to implement.
Comment 1 Daniel Quinlan 2005-03-30 01:08:42 UTC
move bug to Future milestone (previously set to Future -- I hope)