tobias/docker-offlineimap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement SSL certificate checking

Browse Source 
Previously, we did not check at all the authenticy and validity of
the SSL server we connected to. This is bad as it allows
man-in-the-middle attacks etc. This patch remedies the situation
somewhat.

If we specify a sslcacertfile= setting in the Repository section,
validate the server cert (on python>=2.6 or abort with python<=2.5).

As before, no certificate check is performed without that option.
In the future, the hostname check should be made optional and also
a mutt-lick "accept this certificate forever" thing should be
implemented.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Sebastian
2010-12-16 12:43:47 +00:00
committed by Nicolas Sebrecht
parent 219eb8c47f
commit 4f57b94e23
4 changed files with 134 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
offlineimap/repository/IMAP.py
View File

@ -139,6 +139,9 @@ class IMAPRepository(BaseRepository):
def getsslclientkey(self):
return self.getconf('sslclientkey', None)
def getsslcacertfile(self):
return self.getconf('sslcacertfile', None)
def getpreauthtunnel(self):
return self.getconf('preauthtunnel', None)