Nicolas Sebrecht <[email protected]> writes: > On Mon, Dec 14, 2015 at 11:33:51AM +0100, Nicolas Sebrecht wrote: >> On Sun, Dec 13, 2015 at 03:51:41PM -0700, [email protected] wrote: >> >> > And this wasn't necessary previously? OfflineIMAP worked before the >> > upgrade and .offlineimaprc hasn't changed. >> >> OfflineIMAP was horrible. It was silently fallbacking to no SSL. > > Sent before I finished the mail, sorry. > > OfflineIMAP was horrible. It was silently fallbacking to no SSL > certificate validation (while still using the certificate for the > encrypted SSL tunnel). > > IOW, any SSL certificate could be used. This is bad because it's exposed > to a MITM attack.
Got it. Thanks! All the best, Tom -- Thomas S. Dye http://www.tsdye.com _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
