https://github.com/python/cpython/commit/f3bf8abb8c0f4cb20bed3dc7d98eca4a2d668709
commit: f3bf8abb8c0f4cb20bed3dc7d98eca4a2d668709
branch: main
author: Serhiy Storchaka <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2026-07-02T10:19:11+03:00
summary:

gh-72507: Document that imaplib does not verify TLS certificates by default 
(GH-152778)

IMAP4_SSL() and IMAP4.starttls() do not verify the server certificate or
hostname unless a suitable ssl_context is passed.

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

files:
M Doc/library/imaplib.rst

diff --git a/Doc/library/imaplib.rst b/Doc/library/imaplib.rst
index 01de1bc393c5bb..4a714652ecf5d2 100644
--- a/Doc/library/imaplib.rst
+++ b/Doc/library/imaplib.rst
@@ -89,6 +89,13 @@ There's also a subclass for secure connections:
    (potentially long-lived) structure.  Please read :ref:`ssl-security` for
    best practices.
 
+   .. note::
+
+      With the default *ssl_context*, the connection is encrypted but the
+      server certificate and hostname are not verified.
+      To verify them, pass a context created by
+      :func:`ssl.create_default_context`.
+
    The optional *timeout* parameter specifies a timeout in seconds for the
    connection attempt. If timeout is not given or is ``None``, the global 
default
    socket timeout is used.
@@ -586,6 +593,13 @@ An :class:`IMAP4` instance has the following methods:
    encryption on the IMAP connection.  Please read :ref:`ssl-security` for
    best practices.
 
+   .. note::
+
+      With the default *ssl_context*, the connection is encrypted but the
+      server certificate and hostname are not verified.
+      To verify them, pass a context created by
+      :func:`ssl.create_default_context`.
+
    .. versionadded:: 3.2
 
    .. versionchanged:: 3.4

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]

Reply via email to