[Imaplib2-devel] Re: STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Mon Jul 11 16:31:19 UTC 2011
[ Re-adding people in cc. ]
Hi,
On Mon, Jul 11, 2011 at 11:27:28AM +1000, Piers Lauder wrote:
> Hi Nicholas,
>
> New version checked in.
> Had to make a cople of minor changes
> - can you test that it works as advertised?
>
> Incidentally, I assume the call-back function is explicitly supposed to
> check that the hostname in the certificate matches the passed hostsname,
> right? In which case I'll document that.
>
> Thanks,
> Piers.
Sorry, I don't know the details enough to answer or test it out.
Also, I guess the current change in imaplib2 is not sufficient to fix
our main STARTTLS security issue and OfflineIMAP may need some
improvements.
Any taker, please?
--
Nicolas Sebrecht
More information about the OfflineIMAP-project
mailing list