Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
On 8 December 2010 18:39, Alexander Reichle-Schmehl <tolimar@debian.org> wrote:
> Hi dave!
>
> * dave b <db.pub.mail@gmail.com> [101202 05:58]:
>
>> Here have a patch!
>> This obviously will break connecting to hosts which use a self-signed
>> certificate.
>> Perhaps some one else can fix this when they want it fixed ;) ?
>> I tested using the following config:
>
> I verified it, and your patch works: I accepts valid ssl connections,
> and rejects invalid ones.
>
>> + self.sslobj = ssl_wrap(self.sock, self.keyfile, self.certfile, cert_reqs=ssl.CERT_REQUIRED, ca_certs="/etc/ssl/certs/ca-certificates.crt")
>
> But that looks kind of ugly, having a hardcoded path... Also, I wonder
> if not self.certfile should be used for verification?
Sorry?
Um. Well sure a hard coded path path not be the best thing ... if you
know how to determine the path to the ca store on a system modify the
patch to use that I guess.
Reply to: