STARTTLS and certificates Re: [ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Johannes Stezenbach js at sig21.net
Thu Jul 7 21:15:47 BST 2011


On Thu, Jul 07, 2011 at 10:13:07PM +0300, Daniel Shahaf wrote:
> Sebastian Spaeth wrote on Thu, Jul 07, 2011 at 20:35:27 +0200:
> > On Thu, 7 Jul 2011 20:21:54 +0300, Daniel Shahaf <d.s at daniel.shahaf.name> wrote:
> > > How does STARTTLS interact with certificate validation (eg,
> > > 'sslcacertfile' repository config item)?  Does it [never..always]
> > > verify the server's identity?
> > 
> > It only attempt STARTTLS if it doesn't connect via ssl anyway. And
> > certificate validation is only done if you connect via ssl in the first
> > place.
> 
> Modus ponens: it doesn't verify the peer's identity in STARTTLS mode.
> 
> Thanks for the information!

Which makes it completely useless.  I remarked about this
TODO already in April:
http://article.gmane.org/gmane.mail.imap.offlineimap.general/3256

However, I'm too lame to send a patch myself..

Johannes




More information about the OfflineIMAP-project mailing list