reverting recent SSL-related patches

Eygene Ryabinkin rea at
Sun Jan 18 08:24:47 GMT 2015

Tue, Jan 13, 2015 at 12:27:54PM +0300, Eygene Ryabinkin wrote:
> But Nicolas's point that I am currently support is that approach makes
> the default OS bundle location to be not a strict default: it will be
> used when there is no cert_fingerprint and it won't be used when people
> waht fingerprinting.  It creates possible point of confusion, so our
> recent conversation in this topic and out-of-list were dedicated to
> finding more sane solution.  Seems like we had found one (that I was
> describing above), but I'll need to turn it into code and test.
> Once the patch will be ready and tested, I'll post it here for review
> of interested parties, since there seems to still be some ground for
> discussion, but it is better to continue them having working
> implementation of proposed solution.

Well, I was slooow on this, but here we go:

You can request OS-default bundle via
sslcacertfile = OS-DEFAULT
distro maintainers can modify stock (example) offlineimap.conf
to read
sslcacertfile = OS-DEFAULT
from the beginning to allow new uses to use default bundle automatically,
but request will be explicit, so no false expectations will arise.

More information about the OfflineIMAP-project mailing list