passdb-imap: Add option to control certificate verification

Turn it on by default

src/auth/passdb-imap.c

@@ -136,6 +136,7 @@ passdb_imap_preinit(pool_t pool, const char *args)
 	module->set.ssl_mode = IMAPC_CLIENT_SSL_MODE_NONE;
 	module->set.username = "%u";
 	module->set.rawlog_dir = "";
+	module->set.ssl_verify = TRUE;
 
 	for (tmp = p_strsplit(pool, args, " "); *tmp != NULL; tmp++) {
 		key = *tmp;
@@ -169,6 +170,15 @@ passdb_imap_preinit(pool_t pool, const char *args)
 				i_fatal("passdb imap: Invalid ssl mode: %s",
 					value);
 			}
+		} else if (strcmp(key, "allow_invalid_cert") == 0) {
+			if (strcmp(value, "yes") == 0) {
+				module->set.ssl_verify = FALSE;
+			} else if (strcmp(value, "no") == 0) {
+				module->set.ssl_verify = TRUE;
+			} else {
+				i_fatal("passdb imap: Invalid allow_invalid_cert value: %s",
+					value);
+			}
 		} else {
 			i_fatal("passdb imap: Unknown parameter: %s", key);
 		}