On Fri, Nov 20, 2015 at 06:18:48AM -0500, Jeff King wrote:
> On Tue, Nov 17, 2015 at 10:12:07PM +0000, John Keeping wrote:
>
> > If the CA path isn't found it's most likely to indicate a
> > misconfiguration, in which case accepting any certificate is unlikely to
> > be the correct thing to do.
>
> Yeah, this seems like a crazy default for security-sensitive code.
>
> I suspect some people will see breakage from applying this (because
> their systems are broken and they did not know it), but that is a good
> thing.
>
> For people who know their systems are broken and want to proceed anyway,
> what is the appropriate work-around? Obviously it involves disabling
> peer verification, but would we want to include instructions for doing
> so (either in the error message, or perhaps mentioning it in the commit
> message)?
The documentation already says:
Set it to an empty string to disable certificate verification.
It's a bit lost in the middle of a paragraph but I think that is the
best place for the detail of how to disable verification.
Having revisted the patch, I do think the message might be a bit terse,
but I can't think of a reasonably concise way to point at the
--smtp-ssl-cert-path argument as being the culprit.
Maybe we shouldn't worry too much about that, but should instead put the
invalid path into the error message:
die "CA path \"$smtp_ssl_cert_path\" does not exist.";
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
