From 895e709bf23eea3b8f546f240317580e34251cf3 Mon Sep 17 00:00:00 2001 From: Sebastian Spaeth Date: Thu, 19 Apr 2012 18:23:12 +0200 Subject: [PATCH] Fix SSL fingerprint was not always checked As reported by James Cook, we would not check the fingerprint of the SSL server, as we were looking for the 'ssl' module in locals() rather than globals(). Ooops! Rather than using globals() though, I simply remove the by-now superfluous check. We now rely on python2.6 and we unconditionally import the SSL module in any case, so it needs to be there. Signed-off-by: Sebastian Spaeth --- Changelog.rst | 1 + offlineimap/imaplibutil.py | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Changelog.rst b/Changelog.rst index 89ced02..6184622 100644 --- a/Changelog.rst +++ b/Changelog.rst @@ -9,6 +9,7 @@ WIP (add new stuff for the next release) ======================================== * bump bundled imaplib2 library 2.29 --> 2.33 +* Actually perform the SSL fingerprint check (reported by J. Cook) * Curses UI, don't use colors after we shut down curses already (C.Höger) OfflineIMAP v6.5.3.1 (2012-04-03) diff --git a/offlineimap/imaplibutil.py b/offlineimap/imaplibutil.py index 2aa81d9..aa165f0 100644 --- a/offlineimap/imaplibutil.py +++ b/offlineimap/imaplibutil.py @@ -1,6 +1,6 @@ # imaplib utilities # Copyright (C) 2002-2007 John Goerzen -# 2010 Sebastian Spaeth +# 2012-2012 Sebastian Spaeth # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or 
@@ -143,8 +143,7 @@ class WrappedIMAP4_SSL(UsefulIMAPMixIn, IMAP4_SSL): def open(self, host=None, port=None): super(WrappedIMAP4_SSL, self).open(host, port) - if (self._fingerprint or not self.ca_certs) and\ - 'ssl' in locals(): # <--disable for python 2.5 + if (self._fingerprint or not self.ca_certs): # compare fingerprints fingerprint = sha1(self.sock.getpeercert(True)).hexdigest() if fingerprint != self._fingerprint:
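Review bot: The surviving condition `if (self._fingerprint or not self.ca_certs):` also takes the branch when neither a fingerprint nor a CA bundle is configured, yet the only comment there is `# compare fingerprints`. In that case the digest is compared with an unset `self._fingerprint`, which presumably can never match, so the connection looks to be refused rather than left unverified; the mismatch handling sits below the hunk in `open()`, so this is inferred. Since this is the line where the check was silently skipped before, I would state the fail-closed intent in a comment, e.g. `# no fingerprint and no CA bundle: the comparison below must fail, never skip it`, and drop the now-redundant outer parentheses: `if self._fingerprint or not self.ca_certs:`. A regression test that opens against a certificate with a non-matching fingerprint and expects the error would keep the guard from being disabled again unnoticed.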