[Imaplib2-devel] Re: STARTTLS and certificates Re:[ANNOUNCE] OfflineIMAP v6.3.4-rc3 released
Daniel Shahaf
d.s at daniel.shahaf.name
Tue Jul 12 11:19:58 BST 2011
Johannes Stezenbach wrote on Tue, Jul 12, 2011 at 12:12:43 +0200:
> On Tue, Jul 12, 2011 at 12:56:42PM +0300, Daniel Shahaf wrote:
> >
> > The OpenSSL consumers I'm aware of are informed by OpenSSL of the
> > expiration and are given the option to ignore it.
> >
> > ie, as opposed to outright aborting the connection, OpenSSL passes the
> > X509_V_ERR_CERT_HAS_EXPIRED flag to the application and it decides what
> > to do.
> >
> > [ I'm only describing how svn/ra_serf/serf/openssl works; I'm not an
> > expert at OpenSSL's API. ]
>
> So maybe it is Python's ssl module which does not evaulate that flag,
> thus we have to do it ourselves.
Does offlineimap read the flag, or does it compare the cert's expiration
date to time.time() by hand?
>
> Johannes
More information about the OfflineIMAP-project
mailing list