Merge pull request #91 from thekix/master

Revert patches about ssl certificates
This commit is contained in:
Rodolfo García Peñas (kix) 2021-10-12 11:21:12 +02:00 committed by GitHub
commit 88e318fab1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 15 deletions

View File

@ -95,9 +95,6 @@ class IMAPServer:
self.__verifycert = None # Disable cert verification.
# This way of working sucks hard...
self.fingerprint = repos.get_ssl_fingerprint()
if self.fingerprint is not None:
self.__verifycert = None # if we have a cert fingerprint
# we do not require verfication via CA
self.tlslevel = repos.gettlslevel()
self.sslversion = repos.getsslversion()
self.starttls = repos.getstarttls()

View File

@ -321,15 +321,13 @@ class IMAPRepository(BaseRepository):
def getsslcacertfile(self):
"""Determines CA bundle.
Returns path to the CA bundle. It is explicitely specified or
requested via "OS-DEFAULT" value (and we will search known
locations for the current OS and distribution). If it is not
specified, we will search it in the known locations.
Returns path to the CA bundle. It is either explicitely specified
or requested via "OS-DEFAULT" value (and we will search known
locations for the current OS and distribution).
If search route, via "OS-DEFAULT" or because is not specified,
yields nothing, we will throw an exception to make our callers
distinguish between not specified value and non-existent
default CA bundle.
If search via "OS-DEFAULT" route yields nothing, we will throw an
exception to make our callers distinguish between not specified
value and non-existent default CA bundle.
It is also an error to specify non-existent file via configuration:
it will error out later, but, perhaps, with less verbose explanation,
@ -340,10 +338,7 @@ class IMAPRepository(BaseRepository):
xforms = [os.path.expanduser, os.path.expandvars, os.path.abspath]
cacertfile = self.getconf_xform('sslcacertfile', xforms, None)
# Can't use above cacertfile because of abspath.
conf_sslacertfile = self.getconf('sslcacertfile', None)
if conf_sslacertfile == "OS-DEFAULT" or \
conf_sslacertfile is None or \
conf_sslacertfile == '':
if self.getconf('sslcacertfile', None) == "OS-DEFAULT":
cacertfile = get_os_sslcertfile()
if cacertfile is None:
searchpath = get_os_sslcertfile_searchpath()