On Sun, 2003-10-05 at 12:52, Bert Koelewijn wrote:
> Timo Sirainen wrote:
> > I've thought about it before myself a few times. I'm not against such a patch, but I don't think I'll implement it myself anytime soon.
>
> Is there anything I can do to give this patch a higher priority?
Well..
Personally I'd really like to get the current CVS code fully working as intended. Then there are some long-standing bugs/features (e.g. recent counters). Then some NFS safety problems. All those should have been fixed long ago.
But it's also possible to buy features, support and whatever from Procontrol. I just don't really like that idea (well, support anyway) before 1.0 is released. Currently it's 85EUR/h if you really want it done :)
> > Doing this also worries me a bit. Wasn't the recent security hole in OpenSSL just in the client certificate parsing? SSL cert authentication would have to rely on OpenSSL (or GNUTLS).
>
> OpenSSL has been audited many times, by many experts. If you trust Dovecot, I think you can trust OpenSSL too.
Sendmail has also been audited many times by many experts and holes still keep showing up.
OpenSSL sources aren't nearly as bad as sendmail, but they are pretty dirty. Auditing dirty code is very time-consuming and it's too easy to overlook problems. I've thought about auditing OpenSSL a few times, but I always got tired after reading just a few files since they were full of code that looked suspicious.
Also, currently there are only the dovecot-auth and master processes in Dovecot which have to be free of security holes to avoid pre-login security holes. That's not a lot of code. Using OpenSSL for authentication brings in tons more code that has to be relied on.