imap.google.com being spoofed?

Dima Pasechnik dimpase+olimap at gmail.com
Mon Oct 1 10:05:14 UTC 2012


On Mon, Oct 01, 2012 at 12:05:18PM +0400, Eygene Ryabinkin wrote:
> 
> You'd better enable Repository's option 'sslcacertfile' instead of
> hardcoding the certificate fingerprint: it changes with the new
> certificate (new public key, to be precise), but the trust to the
> root CA allows you to verify the whole chain without relying on the
> particular value of the server's certificate fingerprint.

thanks, that what I just did. A bit tricky on OSX, where certs are all
over the place, instead of /etc/ssl...
Still, this works well.

Dmitrii

> -- 
> Eygene Ryabinkin                                        ,,,^..^,,,
> [ Life's unfair - but root password helps!           | codelabs.ru ]
> [ 82FE 06BC D497 C0DE 49EC  4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]





More information about the OfflineIMAP-project mailing list