Good morning! Martin Lambers wrote (Sun 2010-Feb-07 12:09:06 +0100):
> The current git version now has a tls_fingerprint command and > corresponding --tls-fingerprint option. > > This can be used to trust one particular certificate, regardless of its > contents. Pulled, built, and tested: works great for me, thanks a lot! I may add that there seems to be a (small, theoretical) risk with the way command-line arguments are treated: At least "--tls-fingerprint" can be given multiple times, and the value of the last one supersedes the value of previous ones. Since "Mutt" wants to add "-f <envelopefrom>", "--" can't be used to tell "msmtp" that only recipients' email addresses are supposed to follow, and there might be a chance that someone could make me send an email addressed to "--host=mail.badguy.com --tls-fingerprint=...", so that the bad guy gets a chance to sniff my password. Personally, I'm using a small wrapper script anyway, so I'm already happy with the way it is now. :-) Thanks again, Marcus -- Marcus C. Gottwald · <[email protected]> · https://cheers.de ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ msmtp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/msmtp-users
