[Imaplib2-devel] STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released
piers at janeelix.com
Mon Jul 11 13:14:13 BST 2011
On Mon, 11 Jul 2011 10:13:08 +0200, Johannes Stezenbach wrote:
> Hi Piers,
> On Mon, Jul 11, 2011 at 06:48:09AM +1000, Piers Lauder wrote:
> > On Sun, 10 Jul 2011 15:46:39 +0200, Sebrecht wrote:
> > >
> > > On Sun, Jul 10, 2011 at 12:31:23PM +0200, Johannes Stezenbach wrote:
> > >
> > > > Well, cert verification is already implemented in imaplibutil.py,
> > > > and both imaplibutil.py and imaplib2.py eventually call
> > > > ssl.wrap_socket(). At the minimum imaplib2's starttls()
> > > > method should pass the ca_certs and cert_reqs arguments,
> > > > and a callback function for cert verification.
> > > > But maybe the imapliib2 maintainer should absorb all the
> > > > code from WrappedIMAP4_SSL into imaplib? It seems
> > > > every imaplib2 user would need this, not just offlineimap.
> > >
> > > Thank you much. I'm relaying this to the imaplib2 project. This is very
> > > interesting stuff, I think.
> > >
> > > Piers, what do you think of this?
> > ...
> > Looks good to me - consider it included into the next version.
> Note that this was just a quick sketch, and is completely untested.
> Maybe you want to spend a bit of time thinking about the details
> before the API is set in stone (especially certificate verification
> the callback arguments). Maybe also do something similar for
> the imaps open(), so that the code in offlineimap's
> imaplibutil.py class WrappedIMAP4_SSL can be simplified.
I hope Nicolas will do the testing using offlineimap (about which I know little!).
I'm happy to consider changes to open() if it will help imaplib2
users. However, if all this is starttls specific, then maybe a derived
class is the way to go. Or just add the extra arguments to the open
method in the existing IMAP4_SSL class (which probably needs them anyway,
come to think of it).
And of course suggestions for code changes need to be tested before release :-)
More information about the OfflineIMAP-project