imap.google.com being spoofed?
Dima Pasechnik
dimpase+olimap at gmail.com
Mon Oct 1 11:05:14 BST 2012
On Mon, Oct 01, 2012 at 12:05:18PM +0400, Eygene Ryabinkin wrote:
>
> You'd better enable Repository's option 'sslcacertfile' instead of
> hardcoding the certificate fingerprint: it changes with the new
> certificate (new public key, to be precise), but the trust to the
> root CA allows you to verify the whole chain without relying on the
> particular value of the server's certificate fingerprint.
thanks, that what I just did. A bit tricky on OSX, where certs are all
over the place, instead of /etc/ssl...
Still, this works well.
Dmitrii
> --
> Eygene Ryabinkin ,,,^..^,,,
> [ Life's unfair - but root password helps! | codelabs.ru ]
> [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
More information about the OfflineIMAP-project
mailing list