Sanity checks for SSL cacertfile configuration
We were not able to handle ~/... type of path configurations and we crashed with mysterious SSL errors when no file was found at the configured location. Expand '~' and bomb out with usable error messages in case such a file does not exist. This will still not protect against corrupt cacert files but it goes a long way towards user friendliness. Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
		 Sebastian Spaeth
					Sebastian Spaeth
				
			
				
					committed by
					
						 Nicolas Sebrecht
						Nicolas Sebrecht
					
				
			
			
				
	
			
			
			 Nicolas Sebrecht
						Nicolas Sebrecht
					
				
			
						parent
						
							2ab51e6855
						
					
				
				
					commit
					1c71e37f8f
				
			| @@ -140,7 +140,17 @@ class IMAPRepository(BaseRepository): | ||||
|         return self.getconf('sslclientkey', None) | ||||
|  | ||||
|     def getsslcacertfile(self): | ||||
|         return self.getconf('sslcacertfile', None) | ||||
|         """Return the absolute path of the CA certfile to use, if any""" | ||||
|         cacertfile = self.getconf('sslcacertfile', None) | ||||
|         if cacertfile is None: | ||||
|             return None | ||||
|         cacertfile = os.path.expanduser(cacertfile) | ||||
|         cacertfile = os.path.abspath(cacertfile) | ||||
|         if not os.path.isfile(cacertfile): | ||||
|             raise SyntaxWarning("CA certfile for repository '%s' could " | ||||
|                                 "not be found. No such file: '%s'" \ | ||||
|                                 % (self.name, cacertfile)) | ||||
|         return cacertfile | ||||
|  | ||||
|     def getpreauthtunnel(self): | ||||
|         return self.getconf('preauthtunnel', None) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user