Merge 9341649681
into db4a5e149f
This commit is contained in:
commit
f83f9c53ff
|
@ -787,10 +787,11 @@ remotehost = examplehost
|
|||
#
|
||||
# In Windows, Microsoft uses the term "thumbprint" instead of "fingerprint".
|
||||
#
|
||||
# Supported fingerprint hashes are sha512, sha384, sha256, sha224 and sha1.
|
||||
# Fingerprints must be in hexadecimal form without leading '0x':
|
||||
# 40 hex digits like bbfe29cf97acb204591edbafe0aa8c8f914287c9.
|
||||
#
|
||||
#cert_fingerprint = <SHA1_of_server_certificate_here>[, <another_SHA1>]
|
||||
#cert_fingerprint = <SHAn_of_server_certificate_here>[, <another_SHAm>]
|
||||
|
||||
|
||||
# This option stands in the [Repository RemoteExample] section.
|
||||
|
|
|
@ -23,7 +23,7 @@ import socket
|
|||
import errno
|
||||
import zlib
|
||||
from sys import exc_info
|
||||
from hashlib import sha1
|
||||
from hashlib import sha512, sha384, sha256, sha224, sha1
|
||||
|
||||
import six
|
||||
|
||||
|
@ -201,15 +201,18 @@ class WrappedIMAP4_SSL(UsefulIMAPMixIn, IMAP4_SSL):
|
|||
"having SSL helps nothing.", OfflineImapError.ERROR.REPO)
|
||||
super(WrappedIMAP4_SSL, self).open(host, port)
|
||||
if self._fingerprint:
|
||||
server_cert = self.sock.getpeercert(True)
|
||||
hashes = sha512, sha384, sha256, sha224, sha1
|
||||
server_fingerprints = [hash(server_cert).hexdigest() for hash in hashes]
|
||||
# compare fingerprints
|
||||
fingerprint = sha1(self.sock.getpeercert(True)).hexdigest()
|
||||
if fingerprint not in self._fingerprint:
|
||||
raise OfflineImapError("Server SSL fingerprint '%s' "
|
||||
matches = [(server_fingerprint in self._fingerprint) for server_fingerprint in server_fingerprints]
|
||||
if not any(matches):
|
||||
raise OfflineImapError("Server SSL fingerprint(s) '%s' "
|
||||
"for hostname '%s' "
|
||||
"does not match configured fingerprint(s) %s. "
|
||||
"Please verify and set 'cert_fingerprint' accordingly "
|
||||
"if not set yet."%
|
||||
(fingerprint, host, self._fingerprint),
|
||||
(zip([hash.__name__ for hash in hashes], server_fingerprints), host, self._fingerprint),
|
||||
OfflineImapError.ERROR.REPO)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue