I just enabled the final piece in the SSL support for IMAP and SSL. We
now check the X.509 certificate that was returned by the server and make
sure that the host it was issued to is the same host we connected to.
The actual check is stricter than is actually specified in the RFC. I
will change it to conform to the spec, but I would also be interested in
finding out if there actually are any certificates out there that would
not pass the current check. Specifically, the current checks are
stricter because: 1) they are case sensitive, 2) they don't allow
certificates specified for multiple hosts. I don't really like how I
implemented this whole validation step so I will redo a part of it anyway.
If you are seeing any new problems with IMAP or SMTP over email, please
let me know.
If you run into any problems with these checks, you can disable them by
commenting out the lines in chandler/parcels/osaf/mail/imap.py and
smtp.py that say something like "factory.sslChecker = SSL.Checker.Checker()"
PS. WebDAV over SSL still needs this check, but it is a bit more work to
implement.
--
Heikki Toivonen
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Dev" mailing list
http://lists.osafoundation.org/mailman/listinfo/dev
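
Added example (not part of the original message and not Chandler's code): a Python sketch of the two differences the message lists, with an exact-case, single-name comparison beside a case-insensitive one that accepts any host name listed on the certificate. The dict layout used for a certificate, the function names and the example.com host names are assumptions made up for this illustration.

```python
# Added illustration; a certificate is modelled as a plain dict (assumption):
#   {"commonName": str or None, "dNSNames": [str, ...]}


def strict_match(cert, host):
    """The stricter behaviour the message describes: one name, exact case."""
    return cert.get("commonName") == host


def relaxed_match(cert, host):
    """Case-insensitive match against every host name the certificate lists."""
    if not host:
        return False  # never accept an empty peer name
    names = list(cert.get("dNSNames") or [])
    # Fall back to commonName only when no dNSName entries are present.
    if not names and cert.get("commonName"):
        names = [cert["commonName"]]
    wanted = host.lower()  # DNS names compare without regard to case
    return any(name.lower() == wanted for name in names)


def compare(cert, host):
    """Return (strict result, relaxed result) for one connection attempt."""
    return strict_match(cert, host), relaxed_match(cert, host)


# Constructed sample certificates; all names are made up.
SINGLE = {"commonName": "Mail.Example.COM", "dNSNames": []}
MULTI = {
    "commonName": "imap.example.com",
    "dNSNames": ["imap.example.com", "smtp.example.com"],
}

if __name__ == "__main__":
    cases = [
        (SINGLE, "mail.example.com"),   # differs only in case
        (MULTI, "smtp.example.com"),    # second host on the certificate
        (MULTI, "other.example.net"),   # not on the certificate at all
    ]
    for cert, host in cases:
        strict, relaxed = compare(cert, host)
        print(f"{host}: strict={strict} relaxed={relaxed}")
```

Both functions still reject a host that appears nowhere on the certificate; they differ only on case and on the additional listed names.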