Merge pull request #91 from thekix/master

Revert patches about ssl certificates
2021-10-12 11:21:12 +02:00 · 2021-10-12 11:21:12 +02:00 · 88e318fab1
parent 4ca9c75c6f 3ef991c83e
commit 88e318fab1
2 changed files with 7 additions and 15 deletions
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@ -95,9 +95,6 @@ class IMAPServer:
            self.__verifycert = None  # Disable cert verification.
            # This way of working sucks hard...
        self.fingerprint = repos.get_ssl_fingerprint()
-        if self.fingerprint is not None:
-            self.__verifycert = None  # if we have a cert fingerprint
-            # we do not require verfication via CA
        self.tlslevel = repos.gettlslevel()
        self.sslversion = repos.getsslversion()
        self.starttls = repos.getstarttls()
--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@ -321,15 +321,13 @@ class IMAPRepository(BaseRepository):
    def getsslcacertfile(self):
        """Determines CA bundle.

-        Returns path to the CA bundle.  It is explicitely specified or
-        requested via "OS-DEFAULT" value (and we will search known
-        locations for the current OS and distribution). If it is not
-        specified, we will search it in the known locations.
+        Returns path to the CA bundle.  It is either explicitely specified
+        or requested via "OS-DEFAULT" value (and we will search known
+        locations for the current OS and distribution).

-        If search route, via "OS-DEFAULT" or because is not specified,
-        yields nothing, we will throw an exception to make our callers
-        distinguish between not specified value and non-existent
-        default CA bundle.
+        If search via "OS-DEFAULT" route yields nothing, we will throw an
+        exception to make our callers distinguish between not specified
+        value and non-existent default CA bundle.

        It is also an error to specify non-existent file via configuration:
        it will error out later, but, perhaps, with less verbose explanation,
@ -340,10 +338,7 @@ class IMAPRepository(BaseRepository):
        xforms = [os.path.expanduser, os.path.expandvars, os.path.abspath]
        cacertfile = self.getconf_xform('sslcacertfile', xforms, None)
        # Can't use above cacertfile because of abspath.
-        conf_sslacertfile = self.getconf('sslcacertfile', None)
-        if conf_sslacertfile == "OS-DEFAULT" or \
-                conf_sslacertfile is None or \
-                conf_sslacertfile == '':
+        if self.getconf('sslcacertfile', None) == "OS-DEFAULT":
            cacertfile = get_os_sslcertfile()
            if cacertfile is None:
                searchpath = get_os_sslcertfile_searchpath()