Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6

11 Aug 2017


      On 11.08.2017 09:26, Davide Perini wrote:
...
Thunderbird ignore peer verification on both IMAP and SMTP.
Nope. For a test, set up foo.some.domain and bar.some.domain as CNAME
records for imap.some.domain, with the server certificate containing
both imap.some.domain and foo.some.domain, but not bar.some.domain.
The attempt to connect with an IMAP server name of bar.some.domain, will
cause Thunderbird to open an "Add Security Exception" dialog, with the
complaint "Wrong Site - The certificate belongs to a different site,
which could mean that someone is trying to impersonate this site." (see
attached image). That's the result of peer verification.
-Ralph

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6