STARTTLS and certificates Re: [ANNOUNCE] OfflineIMAP v6.3.4-rc3 released
Johannes Stezenbach
js at sig21.net
Thu Jul 7 21:15:47 BST 2011
On Thu, Jul 07, 2011 at 10:13:07PM +0300, Daniel Shahaf wrote:
> Sebastian Spaeth wrote on Thu, Jul 07, 2011 at 20:35:27 +0200:
> > On Thu, 7 Jul 2011 20:21:54 +0300, Daniel Shahaf <d.s at daniel.shahaf.name> wrote:
> > > How does STARTTLS interact with certificate validation (eg,
> > > 'sslcacertfile' repository config item)? Does it [never..always]
> > > verify the server's identity?
> >
> > It only attempts STARTTLS if it doesn't connect via ssl anyway. And
> > certificate validation is only done if you connect via ssl in the first
> > place.
>
> Modus ponens: it doesn't verify the peer's identity in STARTTLS mode.
>
> Thanks for the information!
Which makes it completely useless. I remarked about this
TODO already in April:
http://article.gmane.org/gmane.mail.imap.offlineimap.general/3256
However, I'm too lame to send a patch myself..
Johannes
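
The gap discussed in this thread, shown as an added example that is not part of the original message and is not OfflineIMAP's own code: a STARTTLS upgrade with Python's standard imaplib and ssl modules, with the unverified context beside the verified one. The function names are hypothetical, and cafile stands in for the 'sslcacertfile' setting.

```python
import imaplib
import ssl


def unverified_context():
    """Encrypts the session but accepts any certificate (the behaviour
    discussed in the thread): no protection against an active MITM."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None):
    """Requires a chain to a trusted CA and a hostname match.
    cafile plays the role of 'sslcacertfile'; None uses the system store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # create_default_context already sets both; fail loudly if a later
    # edit weakens either one.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ssl.SSLError("certificate verification is not enforced")
    return ctx


def open_starttls(host, port=143, cafile=None):
    """Connect in plaintext, upgrade with STARTTLS, verify the peer.

    imaplib raises IMAP4.abort if the server does not advertise STARTTLS,
    and the handshake raises ssl.SSLCertVerificationError if the
    certificate or hostname does not validate, so no credentials are sent
    over an unverified channel.
    """
    conn = imaplib.IMAP4(host, port)
    try:
        # imaplib passes server_hostname=host to the TLS handshake.
        conn.starttls(ssl_context=verified_context(cafile))
    except Exception:
        conn.shutdown()
        raise
    return conn  # caller may now call conn.login(user, password)
```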