man page: fingerprint can be used with SSL

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Nicolas Sebrecht 2015-09-22 09:07:21 +02:00
parent 71dd03e88c
commit 9143ea5b93

View File

@ -259,8 +259,8 @@ out the connection that is used by default.
+ +
Unfortunately, by default we will not verify the certificate of an IMAP Unfortunately, by default we will not verify the certificate of an IMAP
TLS/SSL server we connect to, so connecting by SSL is no guarantee against TLS/SSL server we connect to, so connecting by SSL is no guarantee against
man-in-the-middle attacks. While verifying a server certificate fingerprint is man-in-the-middle attacks. While verifying a server certificate checking the
being planned, it is not implemented yet. There is currently only one safe way fingerprint is recommended. There is currently only one safe way
to ensure that you connect to the correct server in an encrypted manner: you to ensure that you connect to the correct server in an encrypted manner: you
can specify a 'sslcacertfile' setting in your repository section of can specify a 'sslcacertfile' setting in your repository section of
offlineimap.conf pointing to a file that contains (among others) a CA offlineimap.conf pointing to a file that contains (among others) a CA