Your message dated Sun, 29 Apr 2012 18:48:09 +0100
with message-id <[email protected]>
and subject line offlineimap: check for ssl fingerprint
has caused the Debian Bug report #153240,
regarding offlineimap: check for ssl fingerprint
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
153240: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153240
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: offlineimap
Version: 3.0.1
Severity: wishlist

hi :)

it would be very nice if offlineimap could check the ssl fingerprint
of the remote server, in order to prevent man-in-the-middle attacks.

that is, create a new per-account variable and only allow connects
where the fingerprint matches the one in that variable.
(like fetchmail does)

also, offlineimap -d should print the remote fingerprint

thanks


PS:
thank you very much for the great program! :)

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux pergament 2.4.18-pergament1 #1 Mit Mär 27 23:58:25 CET 2002 i686
Locale: LANG=C, LC_CTYPE=de_DE@euro

Versions of packages offlineimap depends on:
ii  python2.2                     2.2.1-5    An interactive object-oriented scr

-- no debconf information



--- End Message ---
--- Begin Message ---
Version: 6.5.3.1-1

This is now supported.

# Whether or not to use SSL.
ssl = yes

# SSL Client certificate (optional)
# sslclientcert = /path/to/file.crt

# SSL Client key (optional)
# sslclientkey = /path/to/file.key

# SSL CA Cert(s) to verify the server cert against (optional).
# No SSL verification is done without this option. If it is
# specified, the CA Cert(s) need to verify the Server cert AND
# match the hostname (* wildcard allowed on the left hand side)
# The certificate should be in PEM format.
# sslcacertfile = /path/to/cacertfile.crt

# If you connect via SSL/TLS (ssl=true) and you have no CA certificate
# specified, offlineimap will refuse to sync as it connects to a server
# with an unknown "fingerprint". If you are sure you connect to the
# correct server, you can then configure the presented server
# fingerprint here. OfflineImap will verify that the server fingerprint
# has not changed on each connect and refuse to connect otherwise.
# You can also configure this in addition to CA certificate validation
# above and it will check both ways.

#cert_fingerprint = <SHA1_of_server_certificate_here>


For more examples see:

/usr/share/doc/offlineimap/examples/offlineimap.conf.gz


-- 
Regards,
Dmitrijs.



--- End Message ---
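
The pin check that the cert_fingerprint comment describes, as an added example (not offlineimap's own code and not part of either message). It assumes the fingerprint is the SHA-1 digest of the DER-encoded server certificate in hex; all function names are hypothetical, and accepting ':'-separated input is a convenience of this sketch. A value obtained with fetch_server_der() should be confirmed out of band before it is pinned.

```python
import hashlib
import ssl


def normalize_fingerprint(value):
    """Lower-case a hex fingerprint and drop ':' and whitespace separators."""
    cleaned = "".join(ch for ch in value.lower() if ch not in ": \t\n")
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-1 hex fingerprint: %r" % value)
    return cleaned


def cert_fingerprint(der_bytes):
    """SHA-1 over the DER encoding of the certificate, as lower-case hex."""
    return hashlib.sha1(der_bytes).hexdigest()


def check_pin(der_bytes, pinned):
    """Return True only if the presented certificate matches the pinned value.

    A False result is the "fingerprint has changed" case: the caller should
    refuse to connect rather than fall back to an unpinned connection.
    """
    return cert_fingerprint(der_bytes) == normalize_fingerprint(pinned)


def fetch_server_der(host, port=993):
    """Fetch the certificate a live IMAPS server presents.

    ssl.get_server_certificate() does no CA validation here, so the result
    is only what the network path delivered, not proof of server identity.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


# Constructed stand-ins for DER certificate bytes so the example runs offline.
CONSTRUCTED_CERT = b"abc"
CONSTRUCTED_OTHER_CERT = b""

if __name__ == "__main__":
    pin = cert_fingerprint(CONSTRUCTED_CERT)
    print("cert_fingerprint =", pin)
    print("same certificate:   ", check_pin(CONSTRUCTED_CERT, pin))
    print("changed certificate:", check_pin(CONSTRUCTED_OTHER_CERT, pin))
```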
