[New-bugs-announce] [issue10274] imaplib should provide a means to validate a remote server ssl certificate(s)

[david]

New submission from david <db.pub.mail at gmail.com>:

imaplib should provide a means to validate a remote server ssl certificate(s).

So currently imaplib allows you to do the following:

import imaplib
conn = imaplib.IMAP4_SSL("imap.gmail.com")

#the following should fail
conn = imaplib.IMAP4_SSL("74.125.39.109")
conn = imaplib.IMAP4_SSL("i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org",
443)
conn = imaplib.IMAP4_SSL("insert_self_signed_imap_server_here")
However, only the first call("imap.gmail.com") should *NOT* result in an error being raised (if the certificate is being checked :) ).

I wasn't able to find a way to get imaplib.IMAP4_SSL to take the certificate for the remote server without wanting a private cert (which wasn't / isn't desired ).

If an option is added / method added that takes in an optional parameter to validate the remote IMAP's ssl certificate has been signed by a trusted certificate authority this would be a good solution.

----------
components: None
messages: 120108
nosy: db
priority: normal
severity: normal
status: open
title: imaplib should provide a means to validate a remote server ssl certificate(s)
type: security
versions: Python 3.2

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10274>
_______________________________________