[Dovecot] SSL Client Certificate Support
Stefan Sels
stefan at sels.com
Sun Oct 5 13:32:14 EEST 2003
<quote who="Bert Koelewijn">
> Timo Sirainen wrote:
>> Doing this also worries me a bit. Wasn't the recent security hole in
>> OpenSSL just in the client certificate parsing? SSL cert authentication
>> would have to rely on OpenSSL (or GNUTLS).
>
> OpenSSL have been audited many times, by many experts. If you trust
> dovecot, I think you can trust OpenSSL too.
this might be a bit off-topic but :
-openssl might be audited by many experts, but this might apply to an
version, but not the latest.
-openssh is probably audited with the same affort as openssl. do you
remember the bugs ?
for me the conclusion is every security application which is used by a
large userbase (as openssl or openssh) is audited so closely that they
always find some bugs.
regards,
stefan
More information about the dovecot
mailing list