Permalink
Browse files

Allow old version of Python 2.7 to use TLS

The modern implementation of ssl using SSLContext appeared in
Python 2.7.9. Previous versions can use encrypted connections but
cannot precisely configure it.

Fixes #301
  • Loading branch information...
NicolasLM committed Nov 9, 2017
1 parent 92564f7 commit fe4339f36601a8c5af46b3ceeed4ead99b138392
Showing with 20 additions and 14 deletions.
  1. +7 −12 doc/src/concepts.rst
  2. +13 −0 imapclient/tls.py
  3. +0 −2 imapclient/version.py
View
@@ -89,6 +89,13 @@ When constructing a custom context it is usually best to start with
the default context, created by the ``ssl`` module, and modify it to
suit your needs.
.. warning::
Users of Python 2.7.0 - 2.7.8 can use TLS but cannot configure
the settings via an ``ssl.SSLContext``. These Python versions are
also not capable of proper certification verification. It is highly
encouraged to upgrade to a more recent version of Python.
The following example shows how to to disable certification
verification and certificate host name checks if required.
@@ -112,18 +119,6 @@ The above examples show some of the most common TLS parameter
customisations but there are many other tweaks are possible. Consult
the Python 3 :py:mod:`ssl` package documentation for further options.
Old pyOpenSSL Versions
+++++++++++++++++++++++
IMAPClient's TLS functionality will not behaviour correctly if an
out-of-date version of pyOpenSSL is used. On some systems
(particularly OS X) the system installed version of pyOpenSSL will
take precedence over any user installed version. Use of virtualenvs is
strongly encouraged to work around this.
IMAPClient checks the installed pyOpenSSL version at import time and
will fail early if an old pyOpenSSL version is found.
Using gevent with IMAPClient
++++++++++++++++++++++++++++
Some extra monkey patching is required so that the gevent_ package can
View
@@ -13,6 +13,19 @@
def wrap_socket(sock, ssl_context, host):
if not hasattr(ssl, 'create_default_context'):
# Python 2.7.0 - 2.7.8 do not have the concept of ssl contexts.
# Thus we have to use the less flexible and legacy way of wrapping the
# socket
if ssl_context is not None:
raise RuntimeError(
"Cannot precisely configure the SSL connection, upgrade to "
"Python >= 2.7.9 to fine tune the settings."
)
return ssl.wrap_socket(sock)
if ssl_context is None:
ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
View
@@ -21,5 +21,3 @@ def _imapclient_version_string(vinfo):
author = 'Menno Finlay-Smits'
author_email = 'inbox@menno.io'
min_pyopenssl_version = '0.15.1'

0 comments on commit fe4339f

Please sign in to comment.