Package: irssi
Version: 0.8.10-2
Severity: normal

Hi,

when I connect to an SSL-enabled IRC server with

/connect -ssl -ssl_verify -ssl_cafile /etc/ssl/certs/ca_cacert.pem krikkit.ukeer.de

it succeeds, even though krikkit.ukeer.de does not appear in the
certificate:

| Signature Algorithm: sha1WithRSAEncryption
| Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/[EMAIL PROTECTED]
| Subject: CN=venus.oftc.net
| X509v3 extensions:
|     X509v3 Subject Alternative Name:
|         DNS:venus.oftc.net, othername:<unsupported>, DNS:irc.oftc.net, othername:<unsupported>, DNS:irc6.oftc.net, othername:<unsupported>, DNS:ircs.oftc.net, othername:<unsupported>, DNS:venus.oftc.net, othername:<unsupported>


Maybe ssl_verify should take an argument, similar to how stunnel4 does it:
}  verify = level
}      verify peer certificate
}
}          level 1 - verify peer certificate if present
}          level 2 - verify peer certificate
}          level 3 - verify peer with locally installed certificate
}          default - no verify

Though in irssi's case not all of those make sense (level 1 doesn't).


Cheers,
Peter
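
The check the report finds missing, as an added example that is not part of the original report and is not irssi's code: after the chain validates against the CA file, the host given to /connect is compared with the certificate's dNSName entries. The function names are hypothetical, the name list is copied from the Subject Alternative Name quoted above, and the single-label wildcard rule goes beyond what the report covers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for DNS names (ASCII only). */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Compare one certificate dNSName with the requested host.
 * A leading "*." stands for exactly one non-empty left-most label. */
static int dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;
        return eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Return 1 if host matches any of the n certificate names, else 0. */
int host_in_cert_names(const char *host, const char *const *names, size_t n)
{
    size_t i;
    if (host == NULL || *host == '\0')
        return 0;
    for (i = 0; i < n; i++)
        if (dns_name_matches(names[i], host))
            return 1;
    return 0;
}

/* dNSName entries from the certificate quoted in the report. */
static const char *const report_names[] = {
    "venus.oftc.net", "irc.oftc.net", "irc6.oftc.net", "ircs.oftc.net"
};
#define REPORT_NAMES_N (sizeof report_names / sizeof report_names[0])

int main(void)
{
    const char *h = "krikkit.ukeer.de"; /* host from the /connect line */
    printf("%s: %s\n", h, host_in_cert_names(h, report_names, REPORT_NAMES_N)
                              ? "name matches" : "name mismatch, refuse");
    return 0;
}
```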

