id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,blockedby,blocking,changelog
131,Add SSL certificate authentication support,damato,,"Currently, SSL certificates through SSL connections aren't verified. This may be considered a security flaw as it allows to initiate man-in-the-middle attacks due to unverified certificates. However, data on the way is still be encrypted and secured between the connection partner.

But for a real secure SSL implementation/use, YAM should highly consider providing functionality to carry common root certificates and to always verify that the certificate of the connection partner is valid and matches the host the user wants to connect. However, this requires to introduce a certification management GUI and to allow users to install their own certificates. Quite a straight forward task where AmiSSL already allows to do the certification verification automatically.",task,closed,normal,YAM 2.8,MIME handling,,major,fixed,,,,130,