SA Bugzilla – Bug 3580
Add support for some SSL options to spamc and spamd
Last modified: 2022-03-06 16:14:46 UTC
spamd and spamc make only minimal use of SSL, encrypting the data to protect against eavesdropping on the network. It does not check that the host name of the server matches the certificate that is presented, and it does not make use of a list of trusted root certificates, which are two ways that the client can verify that it is talking to the authorized server. It does not allow for use of a client side certificate that would authenticate spamc to the server. OpenSSL can support these functions, but it would require adding options to spamc and spamd to specify their use. The limitations in the support of SSL should be documented, along with the suggestion that using a VPN may be a satsifactory workaround. It may be enough to just document the lack of what we are not willing to implement.
move bug to Future milestone (previously set to Future -- I hope)
Closing ancient stale bug. *** This bug has been marked as a duplicate of bug 7185 ***