SSL fingerprint verification

Johannes Kastl mail at ojkastl.de
Tue Aug 30 21:36:44 BST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/30/11 2:19 PM Sebastian Spaeth wrote:

> Would something like this be of interest? Feedback? Patch as
> reply...

This may be a stupid question:

When opening a website using https://, the browser checks if the
certificate is valid. When using POP/IMAP/SMTP over SSL, the program
(Thunderbird, Seamonkey, ...) checks the certificate and throws an
error, when the certificate is wrong/no longer valid/...

Why does offlineimap need the user to configure a sslcacertfile or a
fingerprint?

Maybe I'm mixing things up...

Regards,
Johannes
- -- 
Programming is like sex: if you make a mistake, you have to support it
for the rest of your life.
(unknown)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5dSdwACgkQzi3gQ/xETbI1WACgh0fM7D1bsIZ3g8JZ3wODdY7m
OAQAn0plN2zy5Qz/DneATSpbrX3LJ/fD
=f03z
-----END PGP SIGNATURE-----





More information about the OfflineIMAP-project mailing list