From 3908e99ef2c02e704ce8d92a409d2e884116c616 Mon Sep 17 00:00:00 2001
From: VG
Date: Wed, 16 Dec 2015 19:47:24 +0100
Subject: add option to bypass ssl hostname and/or ca check
---
 climl_imap_bridge.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/climl_imap_bridge.py b/climl_imap_bridge.py
index f4d75e7..8070b86 100644
--- a/climl_imap_bridge.py
+++ b/climl_imap_bridge.py
@@ -5,16 +5,27 @@ import subprocess
 import confparser
 import imapclient
+import backports.ssl
+
 def connect_to_imap(conf, password):
- ssl_context = None
+ cafile = conf.get('imap.tls_ca', None)
+
+ if cafile:
+ cafile = os.path.expanduser(cafile)
+
+ ssl_context = imapclient.create_default_context(cafile=cafile)
+
+ if conf.get('imap.tls_nocheck_hostname', 'false').lower() == 'true':
+ # don't check if certificate hostname doesn't match target hostname
+ ssl_context.check_hostname = False
- if conf.get('imap.ssl_ca', None):
- ssl_context = imapclient.create_default_context(
- cafile=os.path.expanduser(conf.get('imap.ssl_ca')))
+ if conf.get('imap.tls_nocheck_ca', 'false').lower() == 'true':
+ # don't check if the certificate is trusted by a certificate authority
+ ssl_context.verify_mode = backports.ssl.CERT_NONE
 connection = imapclient.IMAPClient(host=conf.get('imap.server'),
- ssl=conf.get('imap.ssl', 'true').lower() == 'true',
+ ssl=conf.get('imap.tls', 'true').lower() == 'true',
 ssl_context=ssl_context)
 if conf.get('imap.start_tls', 'false').lower() == 'true':
 connection.start_tls(ssl_context=ssl_context)
-- 
cgit v1.2.3
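Review bot: In connect_to_imap, the `imap.tls_nocheck_ca` branch assigns `ssl_context.verify_mode = backports.ssl.CERT_NONE` without touching `check_hostname`, so its effect depends on whether `imap.tls_nocheck_hostname` was also set; the standard-library `ssl` module rejects that combination with a ValueError, and whether backports.ssl does the same is not visible here. Putting `ssl_context.check_hostname = False` immediately before the `verify_mode` assignment makes the branch self-contained. Because this function also receives `password` and the connection it builds presumably carries the login, both bypass branches should emit a warning each time they take effect, so that an unauthenticated TLS session is never silent. The rename of `imap.ssl_ca` and `imap.ssl` to `imap.tls_ca` and `imap.tls` also means an existing config that named a CA file is now ignored and `cafile=None` is passed instead, presumably selecting the default trust store; reading the old keys as a fallback would avoid that silent change. The function body continues past the end of the hunk.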