diff options
| -rw-r--r-- | climl_imap_bridge.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/climl_imap_bridge.py b/climl_imap_bridge.py index f4d75e7..8070b86 100644 --- a/climl_imap_bridge.py +++ b/climl_imap_bridge.py @@ -5,16 +5,27 @@ import subprocess import confparser import imapclient +import backports.ssl + def connect_to_imap(conf, password): - ssl_context = None + cafile = conf.get('imap.tls_ca', None) + + if cafile: + cafile = os.path.expanduser(cafile) + + ssl_context = imapclient.create_default_context(cafile=cafile) + + if conf.get('imap.tls_nocheck_hostname', 'false').lower() == 'true': + # don't check if certificate hostname doesn't match target hostname + ssl_context.check_hostname = False - if conf.get('imap.ssl_ca', None): - ssl_context = imapclient.create_default_context( - cafile=os.path.expanduser(conf.get('imap.ssl_ca'))) + if conf.get('imap.tls_nocheck_ca', 'false').lower() == 'true': + # don't check if the certificate is trusted by a certificate authority + ssl_context.verify_mode = backports.ssl.CERT_NONE connection = imapclient.IMAPClient(host=conf.get('imap.server'), - ssl=conf.get('imap.ssl', 'true').lower() == 'true', + ssl=conf.get('imap.tls', 'true').lower() == 'true', ssl_context=ssl_context) if conf.get('imap.start_tls', 'false').lower() == 'true': connection.start_tls(ssl_context=ssl_context) |