[Imaplib2-devel] STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Johannes Stezenbach js at sig21.net
Mon Jul 11 08:13:08 UTC 2011


Hi Piers,

On Mon, Jul 11, 2011 at 06:48:09AM +1000, Piers Lauder wrote:
> On Sun, 10 Jul 2011 15:46:39 +0200, Nicolas Sebrecht wrote:
>   > 
>   > On Sun, Jul 10, 2011 at 12:31:23PM +0200, Johannes Stezenbach wrote:
>   > 
>   > > Well, cert verification is already implemented in imaplibutil.py,
>   > > and both imaplibutil.py and imaplib2.py eventually call
>   > > ssl.wrap_socket().  At the minimum imaplib2's starttls()
>   > > method should pass the ca_certs and cert_reqs arguments,
>   > > and a callback function for cert verification.
>   > > But maybe the imaplib2 maintainer should absorb all the
>   > > code from WrappedIMAP4_SSL into imaplib?  It seems
>   > > every imaplib2 user would need this, not just offlineimap.
>   > 
>   > Thank you much. I'm relaying this to the imaplib2 project. This is very
>   > interesting stuff, I think.
>   > 
>   > Piers, what do you think of this?
> 
> 	...
> 
> Looks good to me - consider it included into the next version.

Note that this was just a quick sketch, and is completely untested.
Maybe you want to spend a bit of time thinking about the details
before the API is set in stone (especially the certificate verification
callback arguments).  Maybe also do something similar for
the imaps open(), so that the code in offlineimap's
imaplibutil.py class WrappedIMAP4_SSL can be simplified.


Thanks
Johannes
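
The thread above asks for starttls() to take ca_certs, cert_reqs and a certificate verification callback. The following sketch is an added example, not code from imaplib2 or offlineimap. It uses ssl.SSLContext in place of ssl.wrap_socket() (removed in Python 3.12), and the names verify_cert, starttls_upgrade and cert_verify_cb are hypothetical.

```python
import ssl


def _dns_match(pattern, hostname):
    """Compare one certificate DNS name with the host we meant to reach."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False
    # '*' is accepted only as the whole leftmost label of a name with 3+ labels
    return p[0] == h[0] or (p[0] == "*" and len(p) > 2)


def verify_cert(cert, hostname):
    """Hypothetical callback: takes the dict returned by getpeercert() and
    returns None on a match, otherwise an error string."""
    if not cert:
        return "no certificate received"
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to the subject commonName only when no DNS SAN exists.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if any(_dns_match(name, hostname) for name in names):
        return None
    return "certificate names %r do not match %r" % (names, hostname)


def starttls_upgrade(sock, hostname, ca_certs, cert_verify_cb=verify_cert):
    """Wrap a socket on which the server has already accepted STARTTLS.
    ca_certs is the path of a CA bundle; the chain is always verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # name check is done by the callback
    ctx.verify_mode = ssl.CERT_REQUIRED  # never accept an unverified chain
    ctx.load_verify_locations(cafile=ca_certs)
    tls = ctx.wrap_socket(sock, server_hostname=hostname)
    error = cert_verify_cb(tls.getpeercert(), hostname)
    if error:
        tls.close()
        raise ssl.SSLError("STARTTLS certificate check failed: " + error)
    return tls
```
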


