[PATCH v2 2/3] Re: Implement SSL certificate checking
nicolas.s-dev at laposte.net
Thu Dec 16 18:13:43 GMT 2010
On Thu, Dec 16, 2010 at 12:43:47PM +0000, Sebastian wrote:
> Previously, we did not check at all the authenticy and validity of
> the SSL server we connected to. This is bad as it allows
> man-in-the-middle attacks etc. This patch remedies the situation
> If we specify a sslcacertfile= setting in the Repository section,
> validate the server cert (on python>=2.6 or abort with python<=2.5).
> As before, no certificate check is performed without that option.
I think the certificate check should be the default option.
> In the future, the hostname check should be made optional and also
> a mutt-lick "accept this certificate forever" thing should be
> Signed-off-By: Sebastian Spaeth <Sebastian at SSpaeth.de>
Your Signed-off-by usually has weird characters case. This causes me to
do extra work. Use the '-s' option of 'git commit' to not have to sign
manually your patches every time. You can use 'git commit --amend -s' to
sign an already commited patch.
The topic looks good; merged. Thanks.
More information about the OfflineIMAP-project