cert_fingerprint option is ignored: fingerprints aren't verified!
James Cook
james.cook at utoronto.ca
Wed Apr 25 03:40:15 BST 2012
Thanks; that commit works for me and rejects bad fingerprints as expected.
On 19 April 2012 09:31, Sebastian Spaeth <Sebastian at sspaeth.de> wrote:
> James Cook <james.cook at utoronto.ca> writes:
>
> > I've found a bug in the code that checks fingerprints: namely,
> > fingerprints are never actually checked.
>
> > The cause: imaplibutil.py checks for ssl support by checking if 'ssl'
> > is in locals(),
> > but it should check globals(), since ssl is not a local variable.
>
> Ooops, thanks for reporting. This is an embarassing one. Rather than
> using globals() (as would be the correct fix), I have removed the
> superfluous ssl check completely. We now rely on python2.6 and import
> ssl unconditionally in any case now.
>
> I checked in the fix as commit 895e709bf23eea3b8f546f240317580e34251cf3
> into the 'next' branch, so it will be part of the next release.
>
> Again, thanks for reporting.
>
> P.S. I tested that cert_fingerprint is actually required and used now.
>
> Sebastian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20120424/3b1af84a/attachment-0003.html>
More information about the OfflineIMAP-project
mailing list