On Wed, Apr 10, 2013 at 11:44:03AM -0700, Junio C Hamano wrote: > The reason why we can run with sslverify=true against gmail is > because we know imap.gmail.com gives a validly signed certificate > that leads all the way to a root CA the user's OpenSSL installation > is likely to trust (if your hand-rolled imap-over-ssl server uses a > snakeoil certificate, even though the server may be "SSL capable", > you may not be able to successfully connect to it without sslverify > turned off).
Maybe imap-send should learn imap.sslCAInfo and imap.sslCAPath like http.* to handle custom certificates. >> diff --git a/Documentation/git-imap-send.txt >> b/Documentation/git-imap-send.txt >> index 875d283..b15dffe 100644 >> --- a/Documentation/git-imap-send.txt >> +++ b/Documentation/git-imap-send.txt >> @@ -123,7 +123,6 @@ to specify your account settings: >> host = imaps://imap.gmail.com >> user = u...@gmail.com >> port = 993 >> - sslverify = false >> --------- >> You might need to instead use: folder = "[Google Mail]/Drafts" if you get >> an error I think we should remove sslverify = false from the other example as well. "Recommending" sslverify = false is IMHO a bad idea as SSL provides no protection without verification. Regards Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
