diff options
Diffstat (limited to 'fetchmailconf')
| -rwxr-xr-x | fetchmailconf | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/fetchmailconf b/fetchmailconf index 8ec65603..ab4aa9de 100755 --- a/fetchmailconf +++ b/fetchmailconf @@ -238,6 +238,9 @@ class User: self.sslkey = None # SSL key filename self.sslcert = None # SSL certificate filename self.sslproto = None # Force SSL? + self.sslcertck = 0 # Enable strict SSL cert checking + self.sslcertpath = None # Path to trusted certificates + self.sslfingerprint = None # SSL key fingerprint to check self.properties = None # Extension properties User.typemap = ( ('remote', 'String'), @@ -271,6 +274,9 @@ class User: ('ssl', 'Boolean'), ('sslkey', 'String'), ('sslcert', 'String'), + ('sslcertck', 'Boolean'), + ('sslcertpath', 'String'), + ('sslfingerprint', 'String'), ('properties', 'String')) def __repr__(self): @@ -331,8 +337,14 @@ class User: res = res + " sslkey " + `self.sslkey` if self.sslcert and self.sslcert != UserDefaults.sslcert: res = res + " sslcert " + `self.sslcert` - if self.sslproto and self.sslcert != UserDefaults.sslproto: - res = res + " sslproto " + `self.sslcert` + if self.sslproto and self.sslproto != UserDefaults.sslproto: + res = res + " sslproto " + `self.sslproto` + if self.sslcertck and self.sslcertck != UserDefaults.sslcertck: + res = res + flag2str(self.sslcertck, 'sslcertck') + if self.sslcertpath and self.sslcertpath != UserDefaults.sslcertpath: + res = res + " sslcertpath " + `self.sslcertpath` + if self.sslfingerprint and self.sslfingerprint != UserDefaults.sslfingerprint: + res = res + " sslfingerprint " + `self.sslfingerprint` if self.expunge != UserDefaults.expunge: res = res + " expunge " + `self.expunge` res = res + "\n" @@ -925,6 +937,10 @@ manual page for details on these. The ssl option enables SSL communication with a mailserver supporting Secure Sockets Layer. The sslkey and sslcert options declare key and certificate files for use with SSL. +The sslcertck option enables strict checking of SSL server +certificates (and sslcertpath gives trusted certificate +directory). With sslfingerprint, you can specify a finger- +print the server's key is checked against. The `netsec' option will be configurable only if fetchmail was compiled with IPV6 support. If you need to use it, @@ -1535,6 +1551,12 @@ class UserEdit(Frame, MyWidget): self.sslkey, '14').pack(side=TOP, fill=X) LabeledEntry(sslwin, 'SSL certificate:', self.sslcert, '14').pack(side=TOP, fill=X) + Checkbutton(sslwin, text="Check server SSL certificate?", + variable=self.sslcertck).pack(side=TOP, fill=X) + LabeledEntry(sslwin, 'SSL trusted certificate directory:', + self.sslcertpath, '14').pack(side=TOP, fill=X) + LabeledEntry(sslwin, 'SSL key fingerprint:', + self.sslfingerprint, '14').pack(side=TOP, fill=X) sslwin.pack(fill=X, anchor=N) names = Frame(leftwin, relief=RAISED, bd=5) @@ -1813,8 +1835,8 @@ def copy_instance(toclass, fromdict): # present in the dictionary. optional = ('interface', 'monitor', 'netsec', - 'ssl', 'sslkey', 'sslcert', 'sslproto', - 'showdots') + 'ssl', 'sslkey', 'sslcert', 'sslproto', 'sslcertck', + 'sslcertpath', 'sslfingerprint', 'showdots') class_sig = setdiff(toclass.__dict__.keys(), optional) class_sig.sort() dict_keys = setdiff(fromdict.keys(), optional) |