cert_fingerprint option is ignored: fingerprints aren't verified!
Sebastian Spaeth
Sebastian at SSpaeth.de
Thu Apr 19 16:31:47 UTC 2012
James Cook <james.cook at utoronto.ca> writes:
> I've found a bug in the code that checks fingerprints: namely,
> fingerprints are never actually checked.
> The cause: imaplibutil.py checks for ssl support by checking if 'ssl'
> is in locals(),
> but it should check globals(), since ssl is not a local variable.
Ooops, thanks for reporting. This is an embarassing one. Rather than
using globals() (as would be the correct fix), I have removed the
superfluous ssl check completely. We now rely on python2.6 and import
ssl unconditionally in any case now.
I checked in the fix as commit 895e709bf23eea3b8f546f240317580e34251cf3
into the 'next' branch, so it will be part of the next release.
Again, thanks for reporting.
P.S. I tested that cert_fingerprint is actually required and used now.
Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/offlineimap-project/attachments/20120419/d10e900c/attachment.pgp>
More information about the OfflineIMAP-project
mailing list