In theory, this should by addressed by a security update. The problem is that adding a new option may break existing users who are using self- signed certs. We may want to default to accepting invalid certs in the security update.
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Status in “evolution-data-server” package in openSUSE: Confirmed Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
