On Tue, Oct 7, 2014 at 1:28 PM, Ángel González <an...@16bits.net> wrote:
> CustaiCo wrote:
>> Because of how cleanly separated the network code is from the rest of
>> the application, I'm fairly sure that there should be no leaks, unless
>> the ssl library decides to open its own connections for no reason.
>
> Like doing an OCSP check?
>
> (although neither openssl nor gnutls seem to do that automatically
> nowadays)

Exactly like that, it's worth looking for, i.e.: can the user's TLS config
or TLS compile default turn on OCSP, and how to push that through socks5,
even if it means extending whatever TLS libs msmtp links to handle it.

I very briefly scanned openssl 101i and 102b3 but did not see a doc
about configuring their TLS *library* to turn on OCSP. However on
command line there is:

  openssl ocsp
  openssl s_client -status

so the library config knob may be there somewhere I've not found yet.
Even if not there today, I'd assume something may be there tomorrow,
whether OCSP, cert transparency, local server, etc.

_______________________________________________
msmtp-users mailing list
msmtp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/msmtp-users