[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-devel
Subject:    [Bug 7267] New: no way to set SSL_VERIFY_PEER in spamd
From:       bugzilla-daemon () bugzilla ! spamassassin ! org
Date:       2015-11-16 23:33:43
Message-ID: bug-7267-26 () https ! bz ! apache ! org/SpamAssassin/
[Download RAW message or body]

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7267

            Bug ID: 7267
           Summary: no way to set SSL_VERIFY_PEER in spamd
           Product: Spamassassin
           Version: 3.4.1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: spamc/spamd
          Assignee: dev@spamassassin.apache.org
          Reporter: curtis@ipv6.occnc.com

There is no server side SSL verification in spamd.

The fix on the spamd side is simple.  Not so simple in spamc.

On spamd there needs to be three options, "--ssl-ca-file=file",
"-ssl-ca-path=path", and "--ssl-verify".

Setting any one of them sets "$sockopt->SSL_verify_mode =
SSL_VERIFY_PEER;" on about line 1077 in spamd.  If either ssl-ca-file or
ssl-ca-path are set, then set sockopt->SSL_ca_file or sockopt->SSL_ca_path.

That's it for spamd.  I haven't looked at spamc, but it should not be much more
difficult to add options for key and cert.  Just C rather than perl.

Diffs to follow.

-- 
You are receiving this mail because:
You are the assignee for the bug.
[prev in list] [next in list] [prev in thread] [next in thread]