About distribution maintainers ([ANNOUNCE] OfflineIMAP v6.3.0 released)

Johannes Stezenbach js at sig21.net
Tue Dec 14 12:19:42 GMT 2010


On Mon, Dec 13, 2010 at 06:42:04PM -0600, Sebastian Spaeth wrote:
> On Tue, 14 Dec 2010 10:46:51 +1100, John Ferlito <johnf at inodes.org> wrote:
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450
> > 
> > offlineimap: fails check the remote servers ssl certificate is valid
...
> THe fix that has been posted to the debian bug tracker would work under
> python >=2.6 where ssl_wrap calls ssl.wrap() but it would fail to work
> under python 2.4 and python 2.5 where ssl_wrap calls socket.ssl() (which
> doesn't support those additional cert parameters). So there will be more
> work required if we want to remain python 2.4/5 compatible when using
> SSL.

IMHO it would be sufficient to check the cert only for Python 2.6+,
and issue a warning for older Pythons.

Do you agree?

BTW, Mercurial has recently fixed similar issues, might be
worth to check how they did it.
http://selenic.com/repo/hg/
http://selenic.com/repo/hg/log?rev=cert

However, I believe the best thing to implement would be
an ssh-style fingerprint check.


Johannes




More information about the OfflineIMAP-project mailing list