- missing certificate checking is bad ... however ... - several services might run self-signed, including some Novell Groupwise installations, so compatibility would break when we enable it.
- so this might need UI additions to enable/disable cert checking, which in turn might get denied. I suspect we might not be able to fix this easily at all and/or only in future products. :( I am changing this to VUL-1. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Status in “evolution-data-server” package in openSUSE: Confirmed Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
