RE: [gotmail] Problems with curl (7.10.8+7.11.0-pre1-1) now in DebianSID

[John Fruetel]

Is there anyway that gotmail could detect if your bundle is bad?

I'd propose having gotmail check your bundle and if it's bad AND your
using a newer curl, complain and the command line and 'suggest' that
either the bundle get fixed or use the '-k' option.


-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf
Of paul cannon
Sent: Tuesday, January 20, 2004 1:24 PM
To: address@hidden; address@hidden
Subject: Re: [gotmail] Problems with curl (7.10.8+7.11.0-pre1-1) now in
DebianSID


On Fri, Jan 16, 2004 at 08:24:08AM -0700, paul cannon wrote:
> Fix your CA bundle or use --curl-bin='curl -k'

Everyone using an up-to-date Debian sid will have this problem; the curl
package isn't setting up the CA bundle correctly. Debian bug #228024 on
the curl package addresses this issue, so hopefully it will be fixed
soon.

In the meantime, the -k option to curl (as explained above) will make
gotmail work.

I do not think that gotmail should give that option by default, as it is
worthwhile to be concerned about security. Users may waive security
measures as they deem fit.

It might, however, be useful to have an option instructing gotmail to
use curl's -k option only _after_ a failure due to a broken curl
installation. It would check curl's exit code or read its error message,
and if it seemed that an error was caused by an incorrectly installed CA
bundle (a very common error), it would re-invoke curl using -k. It still
probably wouldn't be appropriate to use by default, but those who now
disregard CA verification altogether would be able to use it when it was
working.

-- 
------------------------------------------------------------.
| paul cannon                                 address@hidden |
|                             http://people.debian.org/~pik/ |


_______________________________________________
Gotmail-list mailing list
address@hidden
http://mail.nongnu.org/mailman/listinfo/gotmail-list