tobias/docker-offlineimap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only verify hostname if we actually use CA certs

Browse Source 
The current code path checked the CA cert host name, even if we did not
specify a CA cert file to use. Make the host name check dependent on a
CA cert file.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Sebastian Spaeth
2011-01-18 11:25:49 +01:00
committed by Nicolas Sebrecht
parent 48eb48946c
commit 9b85ffef89
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
offlineimap/imaplibutil.py
View File

@@ -134,11 +134,12 @@ class WrappedIMAP4_SSL(IMAP4_SSL):
self.certfile)
else:
#ssl.wrap_socket worked and cert is verified, now check
#that hostnames also match.
error = self._verifycert(self.sslobj.getpeercert(), host)
if error:
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)
#ssl.wrap_socket worked and cert is verified (if configured),
#now check that hostnames also match if we have a CA cert.
if self._cacertfile:
error = self._verifycert(self.sslobj.getpeercert(), host)
if error:
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)
#TODO: Done for now. We should implement a mutt-like behavior
#that offers the users to accept a certificate (presenting a