5 Oct
2003
5 Oct
'03
12:52 p.m.
Timo Sirainen wrote:
I've thought about it before myself a few times. I'm not against such patch, but I don't think I'll implement it myself anytime soon. Is there anything I can do to give this patch a higher priority?
Doing this also worries me a bit. Wasn't the recent security hole in OpenSSL just in the client certificate parsing? SSL cert authentication would have to rely on OpenSSL (or GNUTLS).
OpenSSL have been audited many times, by many experts. If you trust dovecot, I think you can trust OpenSSL too.