Implement Server SSL fingerprint check
If we connect to a SSL server (not STARTTLS) and no CA cert has been specified for verification, we check the configured SSL fingerprint and bail out in case it has not been set yet, or it does not match. This means one more mandatory option for SSL configuration, but it improves security a lot. Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Sebastian Spaeth
committed by
Nicolas Sebrecht
Nicolas Sebrecht
parent
5cbec30b3e
commit
8800fa37a3
@ -182,6 +182,9 @@ class IMAPRepository(BaseRepository):
|
||||
% (self.name, cacertfile))
|
||||
return cacertfile
|
||||
|
||||
def get_ssl_fingerprint(self):
|
||||
return self.getconf('cert_fingerprint', None)
|
||||
|
||||
def getpreauthtunnel(self):
|
||||
return self.getconf('preauthtunnel', None)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user