aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmailconf
diff options
context:
space:
mode:
Diffstat (limited to 'fetchmailconf')
-rwxr-xr-xfetchmailconf30
1 files changed, 26 insertions, 4 deletions
diff --git a/fetchmailconf b/fetchmailconf
index 8ec65603..ab4aa9de 100755
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -238,6 +238,9 @@ class User:
self.sslkey = None # SSL key filename
self.sslcert = None # SSL certificate filename
self.sslproto = None # Force SSL?
+ self.sslcertck = 0 # Enable strict SSL cert checking
+ self.sslcertpath = None # Path to trusted certificates
+ self.sslfingerprint = None # SSL key fingerprint to check
self.properties = None # Extension properties
User.typemap = (
('remote', 'String'),
@@ -271,6 +274,9 @@ class User:
('ssl', 'Boolean'),
('sslkey', 'String'),
('sslcert', 'String'),
+ ('sslcertck', 'Boolean'),
+ ('sslcertpath', 'String'),
+ ('sslfingerprint', 'String'),
('properties', 'String'))
def __repr__(self):
@@ -331,8 +337,14 @@ class User:
res = res + " sslkey " + `self.sslkey`
if self.sslcert and self.sslcert != UserDefaults.sslcert:
res = res + " sslcert " + `self.sslcert`
- if self.sslproto and self.sslcert != UserDefaults.sslproto:
- res = res + " sslproto " + `self.sslcert`
+ if self.sslproto and self.sslproto != UserDefaults.sslproto:
+ res = res + " sslproto " + `self.sslproto`
+ if self.sslcertck and self.sslcertck != UserDefaults.sslcertck:
+ res = res + flag2str(self.sslcertck, 'sslcertck')
+ if self.sslcertpath and self.sslcertpath != UserDefaults.sslcertpath:
+ res = res + " sslcertpath " + `self.sslcertpath`
+ if self.sslfingerprint and self.sslfingerprint != UserDefaults.sslfingerprint:
+ res = res + " sslfingerprint " + `self.sslfingerprint`
if self.expunge != UserDefaults.expunge:
res = res + " expunge " + `self.expunge`
res = res + "\n"
@@ -925,6 +937,10 @@ manual page for details on these.
The ssl option enables SSL communication with a mailserver
supporting Secure Sockets Layer. The sslkey and sslcert options
declare key and certificate files for use with SSL.
+The sslcertck option enables strict checking of SSL server
+certificates (and sslcertpath gives trusted certificate
+directory). With sslfingerprint, you can specify a finger-
+print the server's key is checked against.
The `netsec' option will be configurable only if fetchmail
was compiled with IPV6 support. If you need to use it,
@@ -1535,6 +1551,12 @@ class UserEdit(Frame, MyWidget):
self.sslkey, '14').pack(side=TOP, fill=X)
LabeledEntry(sslwin, 'SSL certificate:',
self.sslcert, '14').pack(side=TOP, fill=X)
+ Checkbutton(sslwin, text="Check server SSL certificate?",
+ variable=self.sslcertck).pack(side=TOP, fill=X)
+ LabeledEntry(sslwin, 'SSL trusted certificate directory:',
+ self.sslcertpath, '14').pack(side=TOP, fill=X)
+ LabeledEntry(sslwin, 'SSL key fingerprint:',
+ self.sslfingerprint, '14').pack(side=TOP, fill=X)
sslwin.pack(fill=X, anchor=N)
names = Frame(leftwin, relief=RAISED, bd=5)
@@ -1813,8 +1835,8 @@ def copy_instance(toclass, fromdict):
# present in the dictionary.
optional = ('interface', 'monitor',
'netsec',
- 'ssl', 'sslkey', 'sslcert', 'sslproto',
- 'showdots')
+ 'ssl', 'sslkey', 'sslcert', 'sslproto', 'sslcertck',
+ 'sslcertpath', 'sslfingerprint', 'showdots')
class_sig = setdiff(toclass.__dict__.keys(), optional)
class_sig.sort()
dict_keys = setdiff(fromdict.keys(), optional)