STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Nicolas Sebrecht nicolas.s-dev at laposte.net
Fri Jul 8 16:22:09 BST 2011


On Thu, Jul 07, 2011 at 10:15:47PM +0200, Johannes Stezenbach wrote:
> On Thu, Jul 07, 2011 at 10:13:07PM +0300, Daniel Shahaf wrote:
> > Sebastian Spaeth wrote on Thu, Jul 07, 2011 at 20:35:27 +0200:
> > > On Thu, 7 Jul 2011 20:21:54 +0300, Daniel Shahaf <d.s at daniel.shahaf.name> wrote:
> > > > How does STARTTLS interact with certificate validation (eg,
> > > > 'sslcacertfile' repository config item)?  Does it [never..always]
> > > > verify the server's identity?
> > > 
> > > It only attempt STARTTLS if it doesn't connect via ssl anyway. And
> > > certificate validation is only done if you connect via ssl in the first
> > > place.
> > 
> > Modus ponens: it doesn't verify the peer's identity in STARTTLS mode.
> > 
> > Thanks for the information!
> 
> Which makes it completely useless.  I remarked about this
> TODO already in April:
> http://article.gmane.org/gmane.mail.imap.offlineimap.general/3256
> 
> However, I'm too lame to send a patch myself..

I not sure what you mean by "I'm too lame" but it's sad to hear you
won't write a patch. It looks like you have good knowledge in this area
(more than I have, at least).

Could you try to send a patch, please?

Or, "a middle hack not yet finished but giving the keys to let other
finish the work"?

Or at least, a beginning of something like comments highlighting the
lines of code to improve?

Or is there nothing you can do to help us a bit more, actually?

-- 
Nicolas Sebrecht




More information about the OfflineIMAP-project mailing list