Upgrade to 6.6 breaks cert files

Thomas S. Dye tsd at tsdye.com
Mon Dec 14 17:22:15 GMT 2015


Nicolas Sebrecht <nicolas.s-dev at laposte.net> writes:

> On Mon, Dec 14, 2015 at 11:33:51AM +0100, Nicolas Sebrecht wrote:
>> On Sun, Dec 13, 2015 at 03:51:41PM -0700, tsd at tsdye.com wrote:
>> 
>> > And this wasn't necessary previously?  OfflineIMAP worked before the
>> > upgrade and .offlineimaprc hasn't changed.
>> 
>> OfflineIMAP was horrible. It was silently fallbacking to no SSL.
>
> Sent before I finished the mail, sorry.
>
> OfflineIMAP was horrible. It was silently fallbacking to no SSL
> certificate validation (while still using the certificate for the
> encrypted SSL tunnel).
>
> IOW, any SSL certificate could be used. This is bad because it's exposed
> to a MITM attack.

Got it.  Thanks!

All the best,
Tom

-- 
Thomas S. Dye
http://www.tsdye.com




More information about the OfflineIMAP-project mailing list