[Dev] IMAP and SMTP over SSL secure - finally
heikki at osafoundation.org
Wed Feb 2 11:11:34 PST 2005
I just enabled the final piece in the SSL support for IMAP and SSL. We
now check the X.509 certificate that was returned by the server and make
sure that the host it was issued to is the same host we connected to.
The actual check is stricter than is actually specified in the RFC. I
will change it to confirm to the spec, but I would also be interested in
finding out if there actually are any certificates out there that would
not pass the current check. Specifically, the current checks are
stricter because: 1) they are case sensitive, 2) they don't allow
certificates specified for multiple hosts. I don't really like how I
implemented this whole validation step so I will redo a part of it anyway.
If you are seeing any new problems with IMAP or SMTP over email, please
let me know.
If you run into any problems with these checks, you can disable them by
commenting out the lines in chandler/parcels/osaf/mail/imap.py and
smtp.py that say something like "factory.sslChecker = SSL.Checker.Checker()"
PS. WebDAV over SSL still needs his check, but it is a bit more work to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.osafoundation.org/pipermail/chandler-dev/attachments/20050202/f12ec234/signature.pgp
More information about the Dev