Author Topic: SSL in email module  (Read 2460 times)

gilinko

  • Newbie
  • *
  • Posts: 1
    • View Profile
    • Email
SSL in email module
« on: March 03, 2009, 06:57:06 AM »
Currently the Email module usage of SSL in connecting to a IMAP/POP server is flawed. If SSL is specified but the certificate of the server is self signed it will silently die, which is not a desired behavior. One of three changes has to be made:

1)
If the user specifies that a SSL connection should be used, the flag /novalidate-cert should be set to ignore a valid or unsigned certificate. Not to good for security but always works. Flags reference: http://se.php.net/manual/en/function.imap-open.php

2)
If the user specifies that a SSL connection should be used, a further option of ignoring expired/self-signed certificate use should be allowed (and set the novalidate -cert flag)

3)
If the user specifies that a SSL connection should be used, a warning have to appear when accessing the email module with the option to ignore the failing certificate.

 

anything