Launchpad has imported 6 comments from the remote bug at https://bugzilla.novell.com/show_bug.cgi?id=760517.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-05-03T14:36:52+00:00 Meissner-i wrote: +++ This bug was initially created as a clone of Bug #758431 (libsoup) +++ As libsoup needs to be set to "strict ssl" and fed a ca path before it does correct SSL checking, evolution-data-server is likely not doing SSL certificate checking correctly. Soup users I spotted: Groupwise protocol handling (server/groupwise/e-gw-connection.c) Exchange protocol handling (server/exchange/lib/e2k-context.c) Google (servers/google/libgdata-google/gdata-google-service.c) calendar/backends/http/e-cal-backend-http.c calendar/backends/caldav/e-cal-backend-caldav.c >From Midori fix: g_object_set (session, "ssl-ca-file", "/etc/ssl/ca-bundle.pem", "ssl-strict", TRUE ); (e-d-s needs some handling of SSL cert verification failures though, otherwise it will just failt.) Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/12 ------------------------------------------------------------------------ On 2012-05-03T15:11:53+00:00 Meissner-i wrote: (my suggestion is probably not correct... I do not fully understand it yet) we probably need to evluated the "trusted" attribute after the connect Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/13 ------------------------------------------------------------------------ On 2012-05-03T15:36:18+00:00 Meissner-i wrote: opened https://bugzilla.gnome.org/show_bug.cgi?id=675378 Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/14 ------------------------------------------------------------------------ On 2012-05-03T22:00:11+00:00 Swamp-a wrote: bugbot adjusting priority Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/15 ------------------------------------------------------------------------ On 2012-05-04T08:02:26+00:00 Meissner-i wrote: A GNOME bug was already open: https://bugzilla.gnome.org/show_bug.cgi?id=671537 It has patches for the non-groupwise parts already. Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/16 ------------------------------------------------------------------------ On 2012-05-31T14:50:46+00:00 Meissner-i wrote: to bnc-team-evolution Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/19 ** Changed in: evolution-data-server (openSUSE) Status: Unknown => Confirmed ** Changed in: evolution-data-server (openSUSE) Importance: Unknown => High ** Bug watch added: GNOME Bug Tracker #675378 https://bugzilla.gnome.org/show_bug.cgi?id=675378 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Status in “evolution-data-server” package in openSUSE: Confirmed Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
