author | Matthias Andree <matthias.andree@gmx.de> | 2013-02-06 22:25:42 +0100 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2013-02-06 22:25:42 +0100 |
commit | 52c5a71f5ecb67b7ebf6ee0e5862bab2534222eb (patch) | |
tree | 6f6f68f762e163e9be1715b0491451959725c7d9 /NEWS | |
parent | fd5cf7350bad7b8a596ec7a02df41043315566de (diff) | |
Improve X.509 certificate validation reporting.
* Improved reporting when SSL/TLS X.509 certificate validation has failed,
working around a not-so-recent swapping of two OpenSSL error codes, and
a practical impossibility to distinguish broken certification chains from
missing trust anchors (root certificates).
* OpenSSL decoded errors are now reported through report(), rather than dumped
to stderr, so that they should show up in logfiles and/or syslog.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -58,6 +58,14 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.25 (not yet released): +# CHANGES +* Improved reporting when SSL/TLS X.509 certificate validation has failed, + working around a not-so-recent swapping of two OpenSSL error codes, and + a practical impossibility to distinguish broken certification chains from + missing trust anchors (root certificates). +* OpenSSL decoded errors are now reported through report(), rather than dumped + to stderr, so that they should show up in logfiles and/or syslog. + # WORKAROUNDS * Older systems that provide the older RFC-2553 implementation of getaddrinfo, rather than the current RFC-3493, and systems that do not provide this |
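Review bot: The first added bullet under "# CHANGES" refers to "a not-so-recent swapping of two OpenSSL error codes" without naming the two codes or the OpenSSL versions in which they are swapped, so an administrator who sees a validation failure in the logs cannot tell which message this entry is about. Consider naming both codes and stating what fetchmail now reports when it cannot distinguish a broken certification chain from a missing trust anchor, since that is the case a user has to act on (fix the server's chain versus install a root certificate). In the second bullet, "should show up in logfiles and/or syslog" is hedged; if report() always goes to the configured log destination, say so plainly, and note that anyone who previously captured stderr to see OpenSSL's decoded errors now has to look there instead.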