RR 2018-05-14 19:45:50 +00:00 committed by GitHub
commit f83f9c53ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 6 deletions


@ -787,10 +787,11 @@ remotehost = examplehost
#
# In Windows, Microsoft uses the term "thumbprint" instead of "fingerprint".
#
# Supported fingerprint hashes are sha512, sha384, sha256, sha224 and sha1.
# Fingerprints must be in hexadecimal form without leading '0x':
# 40 hex digits like bbfe29cf97acb204591edbafe0aa8c8f914287c9.
#
#cert_fingerprint = <SHA1_of_server_certificate_here>[, <another_SHA1>]
#cert_fingerprint = <SHAn_of_server_certificate_here>[, <another_SHAm>]
# This option stands in the [Repository RemoteExample] section.


@ -23,7 +23,7 @@ import socket
import errno
import zlib
from sys import exc_info
from hashlib import sha1
from hashlib import sha512, sha384, sha256, sha224, sha1
import six
@ -201,15 +201,18 @@ class WrappedIMAP4_SSL(UsefulIMAPMixIn, IMAP4_SSL):
"having SSL helps nothing.", OfflineImapError.ERROR.REPO)
super(WrappedIMAP4_SSL, self).open(host, port)
if self._fingerprint:
server_cert = self.sock.getpeercert(True)
hashes = sha512, sha384, sha256, sha224, sha1
server_fingerprints = [hash(server_cert).hexdigest() for hash in hashes]
# compare fingerprints
fingerprint = sha1(self.sock.getpeercert(True)).hexdigest()
if fingerprint not in self._fingerprint:
raise OfflineImapError("Server SSL fingerprint '%s' "
matches = [(server_fingerprint in self._fingerprint) for server_fingerprint in server_fingerprints]
if not any(matches):
raise OfflineImapError("Server SSL fingerprint(s) '%s' "
"for hostname '%s' "
"does not match configured fingerprint(s) %s. "
"Please verify and set 'cert_fingerprint' accordingly "
"if not set yet."%
(fingerprint, host, self._fingerprint),
(zip([hash.__name__ for hash in hashes], server_fingerprints), host, self._fingerprint),
OfflineImapError.ERROR.REPO)
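Review bot: In the mismatch error at the end of this hunk, the `zip(...)` is interpolated through `%s` directly, so on Python 3 the message would read `<zip object at 0x…>` instead of listing the server's fingerprints (the file imports `six`, which suggests both major versions are targeted). The user needs those values to verify the certificate out of band, so materialise the pairs: `(list(zip([h.__name__ for h in hashes], server_fingerprints)), host, self._fingerprint),`, which also stops the comprehension variable from shadowing the builtin `hash`. The membership test is an exact string comparison against `hexdigest()` output, so it presumably relies on `self._fingerprint` being normalised (lower case, no separators) where it is set; that code and the start of the enclosing `open` method are outside the hunk. A short comment above `hashes` noting that sha1 is kept for existing configurations, with sha256 or longer preferred for new pins, would help the next reader.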