Bug 3580 - Add support for some SSL options to spamc and spamd
Add support for some SSL options to spamc and spamd
Status: NEW
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd
SVN Trunk (Latest Devel Version)
Other other
: P5 enhancement
: Future
Assigned To: SpamAssassin Developer Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2004-07-08 21:11 UTC by Sidney Markowitz
Modified: 2005-03-29 16:08 UTC (History)
0 users



Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Sidney Markowitz 2004-07-08 21:11:41 UTC
spamd and spamc make only minimal use of SSL, encrypting the data to protect
against eavesdropping on the network. It does not check that the host name of
the server matches the certificate that is presented, and it does not make use
of a list of trusted root certificates, which are two ways that the client can
verify that it is talking to the authorized server. It does not allow for use of
a client side certificate that would authenticate spamc to the server. OpenSSL
can support these functions, but it would require adding options to spamc and
spamd to specify their use.

The limitations in the support of SSL should be documented, along with the
suggestion that using a VPN may be a satsifactory workaround. It may be enough
to just document the lack of what we are not willing to implement.
Comment 1 Daniel Quinlan 2005-03-30 01:08:42 UTC
move bug to Future milestone (previously set to Future -- I hope)