tedious / Fetch

An IMAP library for PHP

http://www.tedivm.com

Insecure default connection flags

ccpp opened this issue 5 years ago · comments

Christian Plattner commented 5 years ago

Can you explain why you do not per default validate the IMAP peer certificate in STARTTLS mode?
To me this looks like a bad practice solution to TLS connection "errors" (as they are often found as "accepted answers" on stack overflow or similar.)

Fetch/src/Fetch/Server.php

Line 134 in 9a1b0eb

$this->setFlag('novalidate-cert');

(this is upstream for kartolo/direct_mail#163)