STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Fri Jul 8 16:22:09 BST 2011
On Thu, Jul 07, 2011 at 10:15:47PM +0200, Johannes Stezenbach wrote:
> On Thu, Jul 07, 2011 at 10:13:07PM +0300, Daniel Shahaf wrote:
> > Sebastian Spaeth wrote on Thu, Jul 07, 2011 at 20:35:27 +0200:
> > > On Thu, 7 Jul 2011 20:21:54 +0300, Daniel Shahaf <d.s at daniel.shahaf.name> wrote:
> > > > How does STARTTLS interact with certificate validation (eg,
> > > > 'sslcacertfile' repository config item)? Does it [never..always]
> > > > verify the server's identity?
> > >
> > > It only attempts STARTTLS if it doesn't connect via ssl anyway. And
> > > certificate validation is only done if you connect via ssl in the first
> > > place.
> >
> > Modus ponens: it doesn't verify the peer's identity in STARTTLS mode.
> >
> > Thanks for the information!
>
> Which makes it completely useless. I remarked about this
> TODO already in April:
> http://article.gmane.org/gmane.mail.imap.offlineimap.general/3256
>
> However, I'm too lame to send a patch myself..
I'm not sure what you mean by "I'm too lame" but it's sad to hear you
won't write a patch. It looks like you have good knowledge in this area
(more than I have, at least).
Could you try to send a patch, please?
Or, "a middle hack not yet finished but giving the keys to let other
finish the work"?
Or at least, a beginning of something like comments highlighting the
lines of code to improve?
Or is there nothing you can do to help us a bit more, actually?
--
Nicolas Sebrecht
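
An added example, not part of the original message and not OfflineIMAP code: a sketch using the Python 3 standard library of a STARTTLS upgrade that verifies the server certificate and fails closed, next to the unverified setup the thread describes. The function and class names are hypothetical, and `cafile` stands in for the 'sslcacertfile' item mentioned above.

```python
import imaplib
import ssl


class StartTLSRefused(Exception):
    """Raised instead of continuing over an unprotected connection."""


def verifying_context(cafile=None):
    # cafile plays the role of 'sslcacertfile'; None uses the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True            # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must lead to a trusted CA
    return ctx


def unverified_context():
    # The behaviour discussed in the thread: traffic is encrypted, but any
    # certificate is accepted, so the peer's identity is never checked.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def upgrade(conn: imaplib.IMAP4, ctx: ssl.SSLContext):
    """Upgrade a plaintext IMAP connection with STARTTLS, failing closed."""
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise StartTLSRefused("context does not verify the server")
    # A capability list without STARTTLS must not lead to a silent
    # fallback to plaintext.
    if "STARTTLS" not in conn.capabilities:
        raise StartTLSRefused("server did not advertise STARTTLS")
    # The handshake raises ssl.SSLError if the certificate does not verify.
    typ, _ = conn.starttls(ssl_context=ctx)
    if typ != "OK":
        raise StartTLSRefused("STARTTLS command rejected")
    return conn


class NoStartTLSConn:
    # Constructed stand-in for a connection whose capabilities lack STARTTLS.
    capabilities = ("IMAP4REV1", "IDLE")


def demo():
    try:
        upgrade(NoStartTLSConn(), verifying_context())
    except StartTLSRefused as exc:
        return str(exc)
    return "upgraded"
```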