➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2010-11-01 03:55 by asdfasdfasdfasdfasdfasdfasdf, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (4) | |||
|---|---|---|---|
| msg120108 - (view) | Author: david (asdfasdfasdfasdfasdfasdfasdf) | Date: 2010-11-01 03:55 | |
imaplib should provide a means to validate a remote server ssl certificate(s).
So currently imaplib allows you to do the following:
import imaplib
conn = imaplib.IMAP4_SSL("imap.gmail.com")
#the following should fail
conn = imaplib.IMAP4_SSL("74.125.39.109")
conn = imaplib.IMAP4_SSL("i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org",
443)
conn = imaplib.IMAP4_SSL("insert_self_signed_imap_server_here")
However, only the first call("imap.gmail.com") should *NOT* result in an error being raised (if the certificate is being checked :) ).
I wasn't able to find a way to get imaplib.IMAP4_SSL to take the certificate for the remote server without wanting a private cert (which wasn't / isn't desired ).
If an option is added / method added that takes in an optional parameter to validate the remote IMAP's ssl certificate has been signed by a trusted certificate authority this would be a good solution.
|
|||
| msg120142 - (view) | Author: Antoine Pitrou (pitrou) *  |
Date: 2010-11-01 17:31 | |
Right, IMAP_SSL should first accept an additional context argument as noted in issue10274. Then it can be patched to optionally call ssl.match_hostname on the server certificate. That second part can mimick what is done by HTTPSConnection: http://code.python.org/hg/branches/py3k/file/tip/Lib/http/client.py#l1052 |
|||
| msg120143 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2010-11-01 17:32 | |
Sorry, the actual issue number is issue8808. |
|||
| msg275017 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-09-08 14:28 | |
You can use a custom ssl context to enforce cert and hostname validation:
>>> import imaplib, ssl
>>> ctx = ssl.create_default_context()
>>> conn = imaplib.IMAP4_SSL("74.125.133.109", ssl_context=ctx)
Traceback (most recent call last):
...
ssl.CertificateError: hostname '74.125.133.109' doesn't match 'imap.gmail.com'
|
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:08 | admin | set | github: 54483 |
| 2016-09-08 14:28:18 | christian.heimes | set | status: open -> closed nosy: + christian.heimes messages: + msg275017 resolution: fixed stage: needs patch -> resolved |
| 2010-11-17 09:50:26 | eric.araujo | set | nosy:
+ eric.araujo |
| 2010-11-01 17:32:53 | pitrou | set | dependencies:
+ imaplib should support SSL contexts, - imaplib should provide a means to validate a remote server ssl certificate(s) messages: + msg120143 |
| 2010-11-01 17:32:53 | pitrou | unlink | issue10274 dependencies |
| 2010-11-01 17:31:44 | pitrou | set | versions:
+ Python 3.3 messages: + msg120142 dependencies: + imaplib should provide a means to validate a remote server ssl certificate(s) type: security -> enhancement stage: needs patch |
| 2010-11-01 17:31:44 | pitrou | link | issue10274 dependencies |
| 2010-11-01 17:24:55 | eric.araujo | set | nosy:
+ pitrou |
| 2010-11-01 03:55:32 | asdfasdfasdfasdfasdfasdfasdf | create | |