Commit Graph

68 Commits

Author SHA1 Message Date
Thomas Jost
838a67bc40 Support subjectAltName in SSL certificates
Signed-off-by: Thomas Jost <schnouki@schnouki.net>
Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-02-23 18:27:44 +01:00
Nicolas Sebrecht
87d5ea3057 Merge branch 'master' into next 2011-01-18 18:40:29 +01:00
Sebastian Spaeth
9b85ffef89 Only verify hostname if we actually use CA certs
The current code path checked the CA cert host name, even if we did not
specify a CA cert file to use. Make the host name check dependent on a
CA cert file.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-01-18 18:39:38 +01:00
Sebastian Spaeth
c6d6dc814f Replace UIBase.getglobalui() with getglobalui()
The latter is shorter and looks nicer. UIBase was a very weird class
name for something that is "user visible". We don't need to use (or
see) it from higher level code for most of the code now.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-01-05 19:24:00 +01:00
Sebastian
4f57b94e23 Implement SSL certificate checking
Previously, we did not check at all the authenticy and validity of
the SSL server we connected to. This is bad as it allows
man-in-the-middle attacks etc. This patch remedies the situation
somewhat.

If we specify a sslcacertfile= setting in the Repository section,
validate the server cert (on python>=2.6 or abort with python<=2.5).

As before, no certificate check is performed without that option.
In the future, the hostname check should be made optional and also
a mutt-lick "accept this certificate forever" thing should be
implemented.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2010-12-16 19:15:33 +01:00
Sebastian
219eb8c47f Don't call open_new functions outside of any class
Move them into the correct classes, overriding the open() function.
This is what we intent to do anyway, so do it in a clean way.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2010-12-16 19:15:33 +01:00
Sebastian
800138d8a4 imaplibutil.py: remove unneeded includes
Signed-off-by: Sebastian Spaeth <Sebastian @SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2010-12-16 19:15:07 +01:00
Toke Høiland-Jørgensen
a781016633 Fix ssl socket wrap deprecation warning. 2009-08-24 00:01:54 -05:00
John Goerzen
1f8024a70e [imaplib2 removal] Revert "Implementation of IMAP IDLE"
This reverts commit 3847d0ba9d.
2009-08-12 14:49:58 -05:00
John Goerzen
e5f6e392a8 Added patch for Python 2.6 ssl 2009-07-01 20:49:20 -05:00
James Bunton
3847d0ba9d Implementation of IMAP IDLE
- Use a newer version of imaplib
 - Hijack the keepalive process to send IDLE instead of NOOP
2009-02-10 11:27:48 +11:00
Michael Witten
5fe379f66d imaplibutil: Remove flagrantly bad use of private attribute
Frankly, the original code doesn't even make much sense, and
moreover it's not forward compatible with python 2.6, and
furthermore:

    DeprecationWarning: socket.ssl() is deprecated.

So, this commit is just a temporary fix.

Signed-off-by: Michael Witten <mfwitten@mit.edu>
2008-09-29 17:50:50 -05:00
John Goerzen
1ebc45d963 Fix performance for SSL
Added WrappedIMAP4_SSL class to help fix up performance of SSL

Standard imaplib.py is really bad with this, since it reads one
character at a time.

Reported by Aaron Kaplan at
http://lists.complete.org/offlineimap@complete.org/2008/01/msg00012.html.gz

He wrote:

  I just noticed that the version of offlineimap I've been using
  (3.99.17) is well over four years old.  How time flies.  I haven't
  had any problems with it, but out of curiosity I decided to pull in
  5.99.2 from the fedora repository.  It turns out to take
  consistently over twice as long as the old version to sync the same
  account.  Is this expected?

He tracked it down at
http://lists.complete.org/offlineimap@complete.org/2008/02/msg00012.html.gz

  The following changeset is the one responsible for the difference in
  speed I was noticing between the imaplib.py that was packaged with
  older versions of offlineimap and the one that comes with python:

  * /offlineimap/head: changeset 169
    More optimizations -- this time fix readline() to not work
    character-by-character!
2008-03-03 08:22:44 -06:00
John Goerzen
4e19af1513 Fix non-SSL connection
fixes deb#432727
2007-07-12 11:02:19 +01:00
John Goerzen
691386b3d7 Compilation fixes 2007-07-04 19:17:27 +01:00
John Goerzen
abf9648fd8 Clean up imaplib imports 2007-07-04 18:53:48 +01:00
John Goerzen
91392b7578 Merging imaplibutil into code 2007-07-04 18:51:10 +01:00
John Goerzen
96fd233355 Start of work pulling code out of imaplib.py 2007-07-04 18:36:33 +01:00