Only verify hostname if we actually use CA certs
The current code path checked the CA cert host name, even if we did not specify a CA cert file to use. Make the host name check dependent on a CA cert file.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
parent 48eb48946c
commit 9b85ffef89
@ -134,11 +134,12 @@ class WrappedIMAP4_SSL(IMAP4_SSL):
|
|||||||
self.certfile)
|
self.certfile)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
#ssl.wrap_socket worked and cert is verified, now check
|
#ssl.wrap_socket worked and cert is verified (if configured),
|
||||||
#that hostnames also match.
|
#now check that hostnames also match if we have a CA cert.
|
||||||
error = self._verifycert(self.sslobj.getpeercert(), host)
|
if self._cacertfile:
|
||||||
if error:
|
error = self._verifycert(self.sslobj.getpeercert(), host)
|
||||||
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)
|
if error:
|
||||||
|
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)
|
||||||
|
|
||||||
#TODO: Done for now. We should implement a mutt-like behavior
|
#TODO: Done for now. We should implement a mutt-like behavior
|
||||||
#that offers the users to accept a certificate (presenting a
|
#that offers the users to accept a certificate (presenting a
|
||||||
|
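Review bot: The new `if self._cacertfile:` guard has no else branch, so when no CA cert file is set the code falls through with neither a hostname check nor any signal to the user that the server's identity was not checked. The updated comment ("cert is verified (if configured)") concedes this, but only a reader of the source will see it. Consider emitting a warning in the unguarded path, or at least documenting next to the option that leaving the CA cert file unset means the TLS session is encrypted but the peer is not authenticated. Minor style point: the rewritten comment lines start with `#` and no following space, which is worth fixing while these lines are being touched.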