Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix SSL fingerprint was not always checked
As reported by James Cook, we would not check the fingerprint of the SSL
server, as we were looking for the 'ssl' module in locals() rather than
globals(). Ooops!

Rather than using globals() though, I simply remove the by-now
superfluous check. We now rely on python2.6 and we unconditionally
import the SSL module in any case, so it needs to be there.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
  • Loading branch information
spaetz committed Apr 19, 2012
1 parent a4b4f1f commit 895e709
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
1 change: 1 addition & 0 deletions Changelog.rst
Expand Up @@ -9,6 +9,7 @@ WIP (add new stuff for the next release)
========================================

* bump bundled imaplib2 library 2.29 --> 2.33
* Actually perform the SSL fingerprint check (reported by J. Cook)
* Curses UI, don't use colors after we shut down curses already (C.Höger)

OfflineIMAP v6.5.3.1 (2012-04-03)
Expand Down
5 changes: 2 additions & 3 deletions offlineimap/imaplibutil.py
@@ -1,6 +1,6 @@
# imaplib utilities
# Copyright (C) 2002-2007 John Goerzen <jgoerzen@complete.org>
# 2010 Sebastian Spaeth <Sebastian@SSpaeth.de>
# 2012-2012 Sebastian Spaeth <Sebastian@SSpaeth.de>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
Expand Down Expand Up @@ -143,8 +143,7 @@ def __init__(self, *args, **kwargs):

def open(self, host=None, port=None):
super(WrappedIMAP4_SSL, self).open(host, port)
if (self._fingerprint or not self.ca_certs) and\
'ssl' in locals(): # <--disable for python 2.5
if (self._fingerprint or not self.ca_certs):
# compare fingerprints
fingerprint = sha1(self.sock.getpeercert(True)).hexdigest()
if fingerprint != self._fingerprint:
Expand Down

0 comments on commit 895e709

Please sign in to comment.