Upgrade to 6.6 breaks cert files
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Mon Dec 14 10:40:45 GMT 2015
On Mon, Dec 14, 2015 at 11:33:51AM +0100, Nicolas Sebrecht wrote:
> On Sun, Dec 13, 2015 at 03:51:41PM -0700, tsd at tsdye.com wrote:
>
> > And this wasn't necessary previously? OfflineIMAP worked before the
> > upgrade and .offlineimaprc hasn't changed.
>
> OfflineIMAP was horrible. It was silently fallbacking to no SSL.
Sent before I finished the mail, sorry.
OfflineIMAP was horrible. It was silently fallbacking to no SSL
certificate validation (while still using the certificate for the
encrypted SSL tunnel).
IOW, any SSL certificate could be used. This is bad because it's exposed
to a MITM attack.
--
Nicolas Sebrecht
More information about the OfflineIMAP-project
mailing list