https://github.com/python/cpython/commit/f3bf8abb8c0f4cb20bed3dc7d98eca4a2d668709 commit: f3bf8abb8c0f4cb20bed3dc7d98eca4a2d668709 branch: main author: Serhiy Storchaka <[email protected]> committer: serhiy-storchaka <[email protected]> date: 2026-07-02T10:19:11+03:00 summary:
gh-72507: Document that imaplib does not verify TLS certificates by default (GH-152778) IMAP4_SSL() and IMAP4.starttls() do not verify the server certificate or hostname unless a suitable ssl_context is passed. Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]> files: M Doc/library/imaplib.rst diff --git a/Doc/library/imaplib.rst b/Doc/library/imaplib.rst index 01de1bc393c5bb..4a714652ecf5d2 100644 --- a/Doc/library/imaplib.rst +++ b/Doc/library/imaplib.rst @@ -89,6 +89,13 @@ There's also a subclass for secure connections: (potentially long-lived) structure. Please read :ref:`ssl-security` for best practices. + .. note:: + + With the default *ssl_context*, the connection is encrypted but the + server certificate and hostname are not verified. + To verify them, pass a context created by + :func:`ssl.create_default_context`. + The optional *timeout* parameter specifies a timeout in seconds for the connection attempt. If timeout is not given or is ``None``, the global default socket timeout is used. @@ -586,6 +593,13 @@ An :class:`IMAP4` instance has the following methods: encryption on the IMAP connection. Please read :ref:`ssl-security` for best practices. + .. note:: + + With the default *ssl_context*, the connection is encrypted but the + server certificate and hostname are not verified. + To verify them, pass a context created by + :func:`ssl.create_default_context`. + .. versionadded:: 3.2 .. versionchanged:: 3.4 _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
