On 8 September 2016 at 11:48, Ilias Tsitsimpis <i.tsitsim...@gmail.com> wrote:
> > I am afraid this cannot be done easily, because OfflineIMAP distinguish > between sslcacertfile having and not having a value. > [snip] This means that if Debian provides a default value for the > sslcacertfile, then it is not possible to connect to a server without > verifying its certificate (and thus rendering the cert_fingerprint > option obsolete). > Is it not possible for the user to unset sslcacertfile? If that were necessary in order to use just cert_fingerprint, that would be an extra signal to the user that they are making their setup potentially less secure. > That said, OfflineIMAP provides the special value OS-DEFAULT for the > sslcacertfile option which will automatically determine the system-wide > location of the standard trusted CA roots file. > That's a help, thanks (I've used it); perhaps it could be documented in the man page? -- http://rrt.sc3d.org