About distribution maintainers ([ANNOUNCE] OfflineIMAP v6.3.0 released)

Johannes Stezenbach js at sig21.net
Tue Dec 14 12:19:42 UTC 2010


On Mon, Dec 13, 2010 at 06:42:04PM -0600, Sebastian Spaeth wrote:
> On Tue, 14 Dec 2010 10:46:51 +1100, John Ferlito <johnf at inodes.org> wrote:
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450
> > 
> > offlineimap: fails check the remote servers ssl certificate is valid
...
> The fix that has been posted to the debian bug tracker would work under
> python >=2.6 where ssl_wrap calls ssl.wrap() but it would fail to work
> under python 2.4 and python 2.5 where ssl_wrap calls socket.ssl() (which
> doesn't support those additional cert parameters). So there will be more
> work required if we want to remain python 2.4/5 compatible when using
> SSL.

IMHO it would be sufficient to check the cert only for Python 2.6+,
and issue a warning for older Pythons.

Do you agree?

BTW, Mercurial has recently fixed similar issues, it might be
worth checking how they did it.
http://selenic.com/repo/hg/
http://selenic.com/repo/hg/log?rev=cert

However, I believe the best thing to implement would be
an ssh-style fingerprint check.


Johannes
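
The ssh-style fingerprint check suggested in the message above, as an added sketch that is not code from this thread, from OfflineIMAP or from Mercurial. It assumes the modern Python 3 `ssl` API, SHA-256 fingerprints and an in-memory dict as the pin store; the names `check_pin`, `fetch_der_cert`, `FingerprintMismatch` and the host `imap.example.org` are hypothetical.

```python
import hashlib
import socket
import ssl


class FingerprintMismatch(Exception):
    """The server presented a certificate other than the pinned one."""


def fingerprint(der_cert):
    """Colon-separated SHA-256 of the DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Accept 'AA:BB', 'aabb' or 'aa bb' spellings of the same fingerprint."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_pin(known, host, port, der_cert):
    """ssh-style pin check: 'new' on first contact, 'match' if the pin agrees."""
    key = "%s:%d" % (host.lower(), port)
    seen = normalize(fingerprint(der_cert))
    pinned = known.get(key)
    if pinned is None:
        known[key] = seen  # trust on first use; show it to the user to confirm
        return "new"
    if normalize(pinned) == seen:
        return "match"
    # A stored pin is never overwritten automatically: a change is an error.
    raise FingerprintMismatch("%s: expected %s, got %s" % (key, pinned, seen))


def fetch_der_cert(host, port=993, timeout=10):
    """Return the server's leaf certificate (DER), skipping CA validation."""
    # The pin comparison authenticates the server; send no credentials before it.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    known = {}
    cert = b"constructed bytes, not a real certificate"  # constructed sample
    print(check_pin(known, "imap.example.org", 993, cert),
          check_pin(known, "imap.example.org", 993, cert))
```

In a client, `fetch_der_cert` would supply the bytes for `check_pin`, and the `known` dict would be persisted the way ssh keeps `known_hosts`.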


