From 3908e99ef2c02e704ce8d92a409d2e884116c616 Mon Sep 17 00:00:00 2001
From: VG <vg@devys.org>
Date: Wed, 16 Dec 2015 19:47:24 +0100
Subject: add option to bypass ssl hostname and/or ca check

---
 climl_imap_bridge.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/climl_imap_bridge.py b/climl_imap_bridge.py
index f4d75e7..8070b86 100644
--- a/climl_imap_bridge.py
+++ b/climl_imap_bridge.py
@@ -5,16 +5,27 @@ import subprocess
 import confparser
 import imapclient
 
+import backports.ssl
+
 def connect_to_imap(conf, password):
 
-    ssl_context = None
+    cafile = conf.get('imap.tls_ca', None)
+
+    if cafile:
+        cafile = os.path.expanduser(cafile)
+
+    ssl_context = imapclient.create_default_context(cafile=cafile)
+
+    if conf.get('imap.tls_nocheck_hostname', 'false').lower() == 'true':
+        # don't check if certificate hostname doesn't match target hostname
+        ssl_context.check_hostname = False
 
-    if conf.get('imap.ssl_ca', None):
-        ssl_context = imapclient.create_default_context(
-                cafile=os.path.expanduser(conf.get('imap.ssl_ca')))
+    if conf.get('imap.tls_nocheck_ca', 'false').lower() == 'true':
+        # don't check if the certificate is trusted by a certificate authority
+        ssl_context.verify_mode = backports.ssl.CERT_NONE
 
     connection = imapclient.IMAPClient(host=conf.get('imap.server'),
-            ssl=conf.get('imap.ssl', 'true').lower() == 'true',
+            ssl=conf.get('imap.tls', 'true').lower() == 'true',
             ssl_context=ssl_context)
     if conf.get('imap.start_tls', 'false').lower() == 'true':
         connection.start_tls(ssl_context=ssl_context)
-- 
cgit v1.2.3