diff options
| author | VG <vg@devys.org> | 2015-12-16 19:47:24 +0100 |
|---|---|---|
| committer | VG <vg@devys.org> | 2015-12-16 19:47:24 +0100 |
| commit | 3908e99ef2c02e704ce8d92a409d2e884116c616 (patch) | |
| tree | 51d251ead17ef74ccd97e7338fa28c1a4522c6f6 | |
| parent | 567ca0efca8b89371fe4d91bbe55932c94f106e8 (diff) | |
| download | climl-3908e99ef2c02e704ce8d92a409d2e884116c616.tar.gz climl-3908e99ef2c02e704ce8d92a409d2e884116c616.tar.bz2 climl-3908e99ef2c02e704ce8d92a409d2e884116c616.zip | |
add option to bypass ssl hostname and/or ca check
| -rw-r--r-- | climl_imap_bridge.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/climl_imap_bridge.py b/climl_imap_bridge.py index f4d75e7..8070b86 100644 --- a/climl_imap_bridge.py +++ b/climl_imap_bridge.py @@ -5,16 +5,27 @@ import subprocess import confparser import imapclient +import backports.ssl + def connect_to_imap(conf, password): - ssl_context = None + cafile = conf.get('imap.tls_ca', None) + + if cafile: + cafile = os.path.expanduser(cafile) + + ssl_context = imapclient.create_default_context(cafile=cafile) + + if conf.get('imap.tls_nocheck_hostname', 'false').lower() == 'true': + # don't check if certificate hostname doesn't match target hostname + ssl_context.check_hostname = False - if conf.get('imap.ssl_ca', None): - ssl_context = imapclient.create_default_context( - cafile=os.path.expanduser(conf.get('imap.ssl_ca'))) + if conf.get('imap.tls_nocheck_ca', 'false').lower() == 'true': + # don't check if the certificate is trusted by a certificate authority + ssl_context.verify_mode = backports.ssl.CERT_NONE connection = imapclient.IMAPClient(host=conf.get('imap.server'), - ssl=conf.get('imap.ssl', 'true').lower() == 'true', + ssl=conf.get('imap.tls', 'true').lower() == 'true', ssl_context=ssl_context) if conf.get('imap.start_tls', 'false').lower() == 'true': connection.start_tls(ssl_context=ssl_context) |