[Imaplib2-devel] STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Piers Lauder piers at janeelix.com
Mon Jul 11 13:14:13 BST 2011


On Mon, 11 Jul 2011 10:13:08 +0200, Johannes Stezenbach wrote:
  > 
  > Hi Piers,
  > 
  > On Mon, Jul 11, 2011 at 06:48:09AM +1000, Piers Lauder wrote:
  > > On Sun, 10 Jul 2011 15:46:39 +0200,  Sebrecht wrote:
  > >   > 
  > >   > On Sun, Jul 10, 2011 at 12:31:23PM +0200, Johannes Stezenbach wrote:
  > >   > 
  > >   > > Well, cert verification is already implemented in imaplibutil.py,
  > >   > > and both imaplibutil.py and imaplib2.py eventually call
  > >   > > ssl.wrap_socket().  At the minimum imaplib2's starttls()
  > >   > > method should pass the ca_certs and cert_reqs arguments,
  > >   > > and a callback function for cert verification.
  > >   > > But maybe the imaplib2 maintainer should absorb all the
  > >   > > code from WrappedIMAP4_SSL into imaplib?  It seems
  > >   > > every imaplib2 user would need this, not just offlineimap.
  > >   > 
  > >   > Thank you much. I'm relaying this to the imaplib2 project. This is very
  > >   > interesting stuff, I think.
  > >   > 
  > >   > Piers, what do you think of this?
  > > 
  > > 	...
  > > 
  > > Looks good to me - consider it included into the next version.
  > 
  > Note that this was just a quick sketch, and is completely untested.
  > Maybe you want to spend a bit of time thinking about the details
  > before the API is set in stone (especially the certificate verification
  > callback arguments).  Maybe also do something similar for
  > the imaps open(), so that the code in offlineimap's
  > imaplibutil.py class WrappedIMAP4_SSL can be simplified.

I hope Nicolas will do the testing using offlineimap (about which I know little!).

I'm happy to consider changes to open() if it will help imaplib2
users. However, if all this is starttls specific, then maybe a derived
class is the way to go. Or just add the extra arguments to the open
method in the existing IMAP4_SSL class (which probably needs them anyway,
come to think of it).

And of course suggestions for code changes need to be tested before release :-)

Piers.
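
An added illustration of what the thread proposes (not code from imaplib2 or offlineimap): a STARTTLS upgrade that takes ca_certs and cert_reqs and runs a certificate verification callback after the handshake. It uses ssl.SSLContext, which replaced ssl.wrap_socket() in current Python; the function names and the callback signature (DER certificate and hostname in, error string or None out) are assumptions.

```python
import hashlib
import ssl


def build_starttls_context(ca_certs=None, cert_reqs=ssl.CERT_REQUIRED):
    """Client context; ca_certs is a CA bundle path, or None for the system CAs."""
    ctx = ssl.create_default_context(cafile=ca_certs)
    if cert_reqs == ssl.CERT_NONE:
        # check_hostname has to be off before chain verification can be disabled
        ctx.check_hostname = False
    ctx.verify_mode = cert_reqs
    return ctx


def pin_sha256(expected_hex):
    """Return a verification callback that pins the server certificate (hypothetical API)."""
    expected = expected_hex.replace(":", "").lower()

    def verify(der_cert, hostname):
        if der_cert is None:
            return "server %s presented no certificate" % hostname
        actual = hashlib.sha256(der_cert).hexdigest()
        if actual != expected:
            return "certificate fingerprint mismatch for %s: %s" % (hostname, actual)
        return None  # None means the certificate is accepted

    return verify


def starttls_upgrade(sock, hostname, ctx, cert_verify_cb=None):
    """Wrap a socket on which the server has already answered OK to STARTTLS."""
    # Chain and hostname checks happen inside the handshake, per ctx settings
    tls = ctx.wrap_socket(sock, server_hostname=hostname)
    if cert_verify_cb is not None:
        # binary_form=True returns the DER certificate even under CERT_NONE,
        # so fingerprint pinning still works for self-signed servers
        error = cert_verify_cb(tls.getpeercert(binary_form=True), hostname)
        if error:
            tls.close()
            raise ssl.SSLError(error)
    return tls
```

The same context and callback apply unchanged to an imaps connection wrapped in open(), since only the moment of wrapping differs.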





