[Imaplib2-devel] Re: STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released

Johannes Stezenbach js at sig21.net
Tue Jul 12 11:12:43 BST 2011

On Tue, Jul 12, 2011 at 12:56:42PM +0300, Daniel Shahaf wrote:
> The OpenSSL consumers I'm aware of are informed by OpenSSL of the
> expiration and are given the option to ignore it.
> ie, as opposed to outright aborting the connection, OpenSSL passes the
> X509_V_ERR_CERT_HAS_EXPIRED flag to the application and it decides what
> to do.
> [ I'm only describing how svn/ra_serf/serf/openssl works; I'm not an
> expert at OpenSSL's API. ]

So maybe it is Python's ssl module which does not evaulate that flag,
thus we have to do it ourselves.


More information about the OfflineIMAP-project mailing list