[PATCH v2 2/3] Re: Implement SSL certificate checking
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Thu Dec 16 18:13:43 GMT 2010
On Thu, Dec 16, 2010 at 12:43:47PM +0000, Sebastian wrote:
>
> Previously, we did not check at all the authenticy and validity of
> the SSL server we connected to. This is bad as it allows
> man-in-the-middle attacks etc. This patch remedies the situation
> somewhat.
>
> If we specify a sslcacertfile= setting in the Repository section,
> validate the server cert (on python>=2.6 or abort with python<=2.5).
>
> As before, no certificate check is performed without that option.
I think the certificate check should be the default option.
> In the future, the hostname check should be made optional and also
> a mutt-lick "accept this certificate forever" thing should be
> implemented.
>
> Signed-off-By: Sebastian Spaeth <Sebastian at SSpaeth.de>
Your Signed-off-by usually has weird characters case. This causes me to
do extra work. Use the '-s' option of 'git commit' to not have to sign
manually your patches every time. You can use 'git commit --amend -s' to
sign an already commited patch.
The topic looks good; merged. Thanks.
--
Nicolas Sebrecht
More information about the OfflineIMAP-project
mailing list