STARTTLS and certificates Re: [ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Daniel Shahaf d.s at daniel.shahaf.name
Thu Jul 7 20:13:07 BST 2011


Sebastian Spaeth wrote on Thu, Jul 07, 2011 at 20:35:27 +0200:
> On Thu, 7 Jul 2011 20:21:54 +0300, Daniel Shahaf <d.s at daniel.shahaf.name> wrote:
> > How does STARTTLS interact with certificate validation (eg,
> > 'sslcacertfile' repository config item)?  Does it [never..always]
> > verify the server's identity?
> 
> It only attempt STARTTLS if it doesn't connect via ssl anyway. And
> certificate validation is only done if you connect via ssl in the first
> place.

Modus ponens: it doesn't verify the peer's identity in STARTTLS mode.

Thanks for the information!

Daniel

> 
> Sebastian






More information about the OfflineIMAP-project mailing list