Upgrade to 6.6 breaks cert files
Thomas S. Dye
tsd at tsdye.com
Mon Dec 14 17:22:15 UTC 2015
Nicolas Sebrecht <nicolas.s-dev at laposte.net> writes:
> On Mon, Dec 14, 2015 at 11:33:51AM +0100, Nicolas Sebrecht wrote:
>> On Sun, Dec 13, 2015 at 03:51:41PM -0700, tsd at tsdye.com wrote:
>>
>> > And this wasn't necessary previously? OfflineIMAP worked before the
>> > upgrade and .offlineimaprc hasn't changed.
>>
>> OfflineIMAP was horrible. It was silently fallbacking to no SSL.
>
> Sent before I finished the mail, sorry.
>
> OfflineIMAP was horrible. It was silently fallbacking to no SSL
> certificate validation (while still using the certificate for the
> encrypted SSL tunnel).
>
> IOW, any SSL certificate could be used. This is bad because it's exposed
> to a MITM attack.
Got it. Thanks!
All the best,
Tom
--
Thomas S. Dye
http://www.tsdye.com
More information about the OfflineIMAP-project
mailing list