On Wed, Apr 10, 2013 at 11:44:03AM -0700, Junio C Hamano wrote:
> The reason why we can run with sslverify=true against gmail is
> because we know imap.gmail.com gives a validly signed certificate
> that leads all the way to a root CA the user's OpenSSL installation
> is likely to trust (if your hand-rolled imap-over-ssl server uses a
> snakeoil certificate, even though the server may be "SSL capable",
> you may not be able to successfully connect to it without sslverify
> turned off).

Maybe imap-send should learn imap.sslCAInfo and imap.sslCAPath
like http.* to handle custom certificates.

>> diff --git a/Documentation/git-imap-send.txt 
>> b/Documentation/git-imap-send.txt
>> index 875d283..b15dffe 100644
>> --- a/Documentation/git-imap-send.txt
>> +++ b/Documentation/git-imap-send.txt
>> @@ -123,7 +123,6 @@ to specify your account settings:
>>      host = imaps://imap.gmail.com
>>      user = u...@gmail.com
>>      port = 993
>> -    sslverify = false
>>  ---------
>>   You might need to instead use: folder = "[Google Mail]/Drafts" if you get 
>> an error

I think we should remove sslverify = false from the other example
as well. "Recommending" sslverify = false is IMHO a bad idea as
SSL provides no protection without verification.

+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to