tobias/docker-offlineimap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix SSL fingerprint was not always checked

Browse Source 
As reported by James Cook, we would not check the fingerprint of the SSL
server, as we were looking for the 'ssl' module in locals() rather than
globals(). Ooops!

Rather than using globals() though, I simply remove the by-now
superfluous check. We now rely on python2.6 and we unconditionally
import the SSL module in any case, so it needs to be there.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This commit is contained in:
Sebastian Spaeth 2012-04-19 18:23:12 +02:00
parent a4b4f1ffcb
commit 895e709bf2
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog.rst
View File

@ -9,6 +9,7 @@ WIP (add new stuff for the next release)
======================================== ========================================
* bump bundled imaplib2 library 2.29 --> 2.33 * bump bundled imaplib2 library 2.29 --> 2.33
* Actually perform the SSL fingerprint check (reported by J. Cook)
* Curses UI, don't use colors after we shut down curses already (C.Höger) * Curses UI, don't use colors after we shut down curses already (C.Höger)
OfflineIMAP v6.5.3.1 (2012-04-03) OfflineIMAP v6.5.3.1 (2012-04-03)

5
offlineimap/imaplibutil.py
View File

@ -1,6 +1,6 @@
# imaplib utilities # imaplib utilities
# Copyright (C) 2002-2007 John Goerzen <jgoerzen@complete.org> # Copyright (C) 2002-2007 John Goerzen <jgoerzen@complete.org>
# 2010 Sebastian Spaeth <Sebastian@SSpaeth.de> # 2012-2012 Sebastian Spaeth <Sebastian@SSpaeth.de>
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or # the Free Software Foundation; either version 2 of the License, or
@ -143,8 +143,7 @@ class WrappedIMAP4_SSL(UsefulIMAPMixIn, IMAP4_SSL):
def open(self, host=None, port=None): def open(self, host=None, port=None):
super(WrappedIMAP4_SSL, self).open(host, port) super(WrappedIMAP4_SSL, self).open(host, port)
if (self._fingerprint or not self.ca_certs) and\ if (self._fingerprint or not self.ca_certs):
'ssl' in locals(): # <--disable for python 2.5
# compare fingerprints # compare fingerprints
fingerprint = sha1(self.sock.getpeercert(True)).hexdigest() fingerprint = sha1(self.sock.getpeercert(True)).hexdigest()
if fingerprint != self._fingerprint: if fingerprint != self._fingerprint: