being spoofed?

Dima Pasechnik dimpase+olimap at
Mon Oct 1 11:05:14 BST 2012

On Mon, Oct 01, 2012 at 12:05:18PM +0400, Eygene Ryabinkin wrote:
> You'd better enable Repository's option 'sslcacertfile' instead of
> hardcoding the certificate fingerprint: it changes with the new
> certificate (new public key, to be precise), but the trust to the
> root CA allows you to verify the whole chain without relying on the
> particular value of the server's certificate fingerprint.

thanks, that what I just did. A bit tricky on OSX, where certs are all
over the place, instead of /etc/ssl...
Still, this works well.


> -- 
> Eygene Ryabinkin                                        ,,,^..^,,,
> [ Life's unfair - but root password helps!           | ]
> [ 82FE 06BC D497 C0DE 49EC  4FF0 16AF 9EAE 8152 ECFB | ]

More information about the OfflineIMAP-project mailing list