
[Bug] Server Certificate not checked when sending emails [answered]

asked 2016-10-23 10:39:10 +0300 by ghling

updated 2016-10-25 16:12:33 +0300 by jiit

I'm using an (officially untrusted) CA to issue self-signed certificates for my servers, including my mail server. To be able to get a secure connection (aka not needing to enable the "Accept untrusted certificates" option in the account's server settings), I exchanged the ca-bundle of the mail application (in the file /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem) so it only contains the cert of my CA.

At first, this went as expected and allowed me to connect to my mail server with the mail application accepting the self-signed certificates. After upgrading to the 2.0.4-EA, the new Certificate Tool in Settings showed me that only my CA is listed in the ca-bundle for mails (though I downgraded back to 2.0.2 in the meantime).

Now to the issue: I'm not using my own server for sending mails, but the SMTP server of my provider (with STARTTLS), which obviously is not using a certificate signed by my CA, but one from an official CA (which should not be trusted based on my mail ca-bundle as mentioned above). Nevertheless, I can send mails without problems, so the mail application does not seem to check the certificate of the outgoing server against the ca-bundle for mails. This can have multiple causes:

  • I'm missing something in my considerations (e.g. edited the wrong file)
  • The application is using a different ca-bundle to check outgoing servers (which would be unexpected behavior from my point of view)
  • The application is not checking certificates at all in this scenario (which would be really bad)

Can someone please look into this and point me to my error or confirm this bug?

Thank you already.


The question has been closed for the following reason "the question is answered, an answer was accepted" by ghling
close date 2016-10-24 15:35:51.865540

1 Answer


answered 2016-10-24 15:18:36 +0300 by ghling

Well, this is a bit embarrassing, but it seems that I misinterpreted the file names. After the update to 2.0.4.14, which shows the system certificates inside the Settings menu, the tasks of the different ca-bundle files become much clearer to me:

email-ca-bundle.pem does not specify which CAs are trusted for checking certificates of mail servers, but for checking the validity of email signatures (probably like S/MIME stuff).

The actual certificate of the mail server seems to be checked against the main ca-bundle (which is much more coherently called "TLS Connections" in the new Settings menu), which seems to include my CA as well (probably the success of my earlier attempts to include it).

I'm terribly sorry if I caused some confusion, as the problem actually was on my side.

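An added example, not code from the original post or from Sailfish OS, that makes the bundle question testable with the openssl command line: it builds throwaway CAs and a server certificate, then checks which bundle the certificate chains to, which is the decision the mail client's TLS check makes. The CA names, the host name, the smtp_cert_status helper and port 587 are assumptions; the two output lines should read rejected and then trusted.

```shell
# Added example, not code from the original post or from Sailfish OS.
# Two throwaway CAs and a server certificate are generated in a temp dir;
# a bundle holding only "my CA" must reject a certificate issued by the
# "provider CA", while a bundle holding both CAs accepts it.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"

# make_ca NAME: self-signed CA certificate (constructed, one-day validity)
make_ca() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 1 \
    -extfile "$WORK/ca.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_server_cert CA HOST: leaf certificate for HOST signed by CA
issue_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# cert_status BUNDLE CERT: "trusted" if CERT chains to a CA in BUNDLE, else
# "rejected"; the system store is disabled so only BUNDLE counts
cert_status() {
  if openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

# smtp_cert_status BUNDLE HOST: same decision against a live SMTP server via
# STARTTLS on port 587 (assumed); needs network, so it is only defined here
smtp_cert_status() {
  if openssl s_client -starttls smtp -connect "$2:587" -CAfile "$1" \
       -verify_return_error </dev/null >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

make_ca myca                # the asker's own CA
make_ca providerca          # stands in for the provider's public CA
issue_server_cert providerca smtp.provider.invalid
LEAF=$WORK/smtp.provider.invalid.pem
cat "$WORK/myca.pem" > "$WORK/email-only-mine.pem"
cat "$WORK/myca.pem" "$WORK/providerca.pem" > "$WORK/tls-bundle.pem"
echo "bundle with only my CA: $(cert_status "$WORK/email-only-mine.pem" "$LEAF")"
echo "bundle with both CAs:   $(cert_status "$WORK/tls-bundle.pem" "$LEAF")"
```

Running smtp_cert_status against the provider's server with each of the two bundle files from /etc/pki/ca-trust/extracted/pem shows directly which one the connection is being validated against.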

Comments

If your problem is solved you may close your question as answered. :)

Alex (2016-10-24 15:34:06 +0300)

Thanks for the hint, I thought marking the answer as correct was sufficient. Fixed now.

ghling (2016-10-24 15:36:56 +0300)
