Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450

To: dave b <db.pub.mail@gmail.com>
Cc: 603450@bugs.debian.org
Subject: Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
From: Alexander Reichle-Schmehl <tolimar@debian.org>
Date: Wed, 08 Dec 2010 09:46:35 +0100
Message-id: <[🔎] 4CFF45EB.9050703@debian.org>
Reply-to: Alexander Reichle-Schmehl <tolimar@debian.org>, 603450@bugs.debian.org
In-reply-to: <[🔎] AANLkTi=4KdAFKUBQOUqgXoudgNXuY2EJQW5KpyLEziAa@mail.gmail.com>
References: <4CEFA841.5050401@redhat.com> <AANLkTinLMQnsAM4WBCZviiE6ZuoFFLkUhNcpzCnm4nTQ@mail.gmail.com> <4CF559AA.9090801@complete.org> <AANLkTinFoSafWFqzczAt6B-hVZSict5r=Y2FviCMqWMW@mail.gmail.com> <[🔎] AANLkTi=yctTbWwqRQgjFpm0T5MKZg_3BpbuLrPDRdAuj@mail.gmail.com> <[🔎] 20101208073939.GA30959@melusine.alphascorpii.net> <[🔎] AANLkTi=4KdAFKUBQOUqgXoudgNXuY2EJQW5KpyLEziAa@mail.gmail.com>

Hi!

Am 08.12.2010 09:33, schrieb dave b:

>> I verified it, and your patch works:  I accepts valid ssl connections,
>> and rejects invalid ones.

At this point I should have also said "many thanks for your work!"
Sorry, didn't had a coffee when I wrote my first mail ;)

>>> +        self.sslobj = ssl_wrap(self.sock, self.keyfile, self.certfile, cert_reqs=ssl.CERT_REQUIRED, ca_certs="/etc/ssl/certs/ca-certificates.crt")
>>
>> But that looks kind of ugly, having a hardcoded path... Also, I wonder
>> if not self.certfile should be used for verification?
> Sorry?
> Um. Well sure a hard coded path path not be the best thing ... if you
> know how to determine the path to the ca store on a system modify the
> patch to use that I guess.

Sorry, that was complete nonsense.  For a moment I thought one could use
the certfile parameter to specify a file holding certs for verification.


I take my question back.  Sorry for the noise.


Best regards,
  Alexander

Reply to:

References:
- Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
  - From: dave b <db.pub.mail@gmail.com>
- Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
  - From: Alexander Reichle-Schmehl <tolimar@debian.org>
- Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
  - From: dave b <db.pub.mail@gmail.com>

Prev by Date: Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
Next by Date: Bug#603450: Is 603450 realy release critical?
Previous by thread: Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
Next by thread: Bug#563260: /etc/cron.daily/htdig generates lock-related error message
Index(es):
- Date
- Thread