tobias/docker-offlineimap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only verify hostname if we actually use CA certs

Browse Source 
The current code path checked the CA cert host name, even if we did not
specify a CA cert file to use. Make the host name check dependent on a
CA cert file.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Sebastian Spaeth 2011-01-18 11:25:49 +01:00 committed by Nicolas Sebrecht
parent 48eb48946c
commit 9b85ffef89
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
offlineimap/imaplibutil.py
View File

@ -134,8 +134,9 @@ class WrappedIMAP4_SSL(IMAP4_SSL):
self.certfile)
else:
#ssl.wrap_socket worked and cert is verified, now check
#that hostnames also match.
#ssl.wrap_socket worked and cert is verified (if configured),
#now check that hostnames also match if we have a CA cert.
if self._cacertfile:
error = self._verifycert(self.sslobj.getpeercert(), host)
if error:
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)