From 1c71e37f8f2295baec07917b8301ed0d837a92bf Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Tue, 15 Mar 2011 11:18:19 +0100
Subject: [PATCH] Sanity checks for SSL cacertfile configuration

We were not able to handle ~/... type of path configurations and we
crashed with mysterious SSL errors when no file was found at the
configured location. Expand '~' and bomb out with usable error messages
in case such a file does not exist. This will still not protect against
corrupt cacert files but it goes a long way towards user friendliness.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
---
 offlineimap/repository/IMAP.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py
index 3bfa5db..23e92af 100644
--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@@ -140,7 +140,17 @@ class IMAPRepository(BaseRepository):
         return self.getconf('sslclientkey', None)
 
     def getsslcacertfile(self):
-        return self.getconf('sslcacertfile', None)
+        """Return the absolute path of the CA certfile to use, if any"""
+        cacertfile = self.getconf('sslcacertfile', None)
+        if cacertfile is None:
+            return None
+        cacertfile = os.path.expanduser(cacertfile)
+        cacertfile = os.path.abspath(cacertfile)
+        if not os.path.isfile(cacertfile):
+            raise SyntaxWarning("CA certfile for repository '%s' could "
+                                "not be found. No such file: '%s'" \
+                                % (self.name, cacertfile))
+        return cacertfile
 
     def getpreauthtunnel(self):
         return self.getconf('preauthtunnel', None)