Hello, === There is an update on this issue.
It looks like the only fix possible for this bug is "libsoup strict SSL mode enabled". In Evolution 2.x, all of the certificate authenticity checks are done within calendar/gui/itip-utils.c:itip_public_comp inside the backend; no extra configuration options may be passed and it is complicated to implement the latter. In addition, in Evolution 3.x things are very different and cannot be easily ported back into version 2.x. With "strict mode" in libsoup enabled, end-users will have to add unverified certificates they trust into the system using the external tools. Siarhei Melnikovich -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Status in “evolution-data-server” package in openSUSE: Won't Fix Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
