[Dev] Twisted+M2Crypto version 2
Heikki Toivonen
heikki at osafoundation.org
Wed Jan 5 21:14:19 PST 2005

I finally checked in and enabled the rearchitected Twisted+M2Crypto
code. The new code lives all in M2Crypto, which means we should be able
to upgrade Twisted freely as long as the public interfaces won't change.
I have tested that I am able to receive IMAP over SSL, send mail over
SSL (SMTP + STARTTLS) and share collections (sending mail over SSL).
However, since this is very different code, please let me know if you
notice new problems with mail.

I also took the first step in validating SSL connections. Specifically,
we are now using the same certificate list as Mozilla and checking that
the certificates that are returned by the servers we connect to chain
back to our list. For all other servers (including all self-signed ones,
like mail.osafoundation.org), you need to append the CA cert to
chandler/crypto/cacert.pem. For mail.osafoundation.org you can download
the cert from
http://kahuna.osafoundation.org/~jbotz/osafoundation.org-ca.crt. Let me
know if you need help getting certs in usable format (hint: the command
line tools from OpenSSL can do this).

The remaining step in validation is to make sure that the certificate we
received was issued for the server we thought we connected to. Until
this step is implemented you cannot trust the SSL connection. I'll let
you know when that is done.
--
Heikki Toivonen
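
The remaining validation step described in the message above, as an added example that is not part of the original post or of the M2Crypto/Chandler code: a hostname check applied to a certificate that has already passed chain validation. The dictionaries follow the shape returned by Python's ssl.SSLSocket.getpeercert(); the function names and the example.org certificates are constructed for illustration, and only DNS names are handled (no IP addresses).

```python
# Added example: hostname check for a certificate that already chains to a trusted CA.
# Cert dicts mimic ssl.SSLSocket.getpeercert(); all values below are constructed.

CERT_SAN = {  # CN differs from SAN on purpose: the SAN entry must win
    "subject": ((("commonName", "other.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"),),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.example.org"),),),
    "subjectAltName": (("DNS", "*.example.org"),),
}
CERT_CN_ONLY = {"subject": ((("commonName", "mail.example.org"),),)}


def dns_names(cert):
    """Names to match: dNSName SAN entries, falling back to CN only if none exist."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Compare one certificate name with the hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard is honoured only as the whole left-most label of a name
    # with at least three labels, and it covers exactly one label.
    if p[0] == "*" and len(p) >= 3 and "*" not in "".join(p[1:]):
        return p[1:] == h[1:]
    return "*" not in pattern and p == h


def hostname_matches(cert, hostname):
    """True if the certificate was issued for the host we meant to reach."""
    return any(name_matches(n, hostname) for n in dns_names(cert))


if __name__ == "__main__":
    for cert, host in [(CERT_SAN, "mail.example.org"),
                       (CERT_SAN, "imap.example.net"),
                       (CERT_WILDCARD, "a.b.example.org")]:
        print(host, "->", "accept" if hostname_matches(cert, host) else "reject")
```

A certificate that chains to a trusted CA but fails this check belongs to some other server, which is why chain validation alone does not make the connection trustworthy.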