Closed iliastsi closed 3 years ago
@jcristau, I noticed you wrote a fix in a7ce7da1d573849ac2e1d740d8f3238e0ad8d88c. Were you planning on making a pull request? (I can also put a fix together, but it seemed like you already did it.)
@davidben I haven't had a chance to test this yet, hence the lack of PR
Now tested to the extent that i = imaplib2.IMAP4_SSL(host="imap.gmail.com", ca_certs="/etc/ssl/certs/ca-certificates.crt")
no longer fails, and i.sock._sslobj.peer_certificate()
(py2) or i.sock._sslobj.getpeercert()
(py3) looks right.
Ah, okay. :-) I also got confirmation that your patch fixed someone's offlineimap issue.
Any luck?
(Oops, missed that you already opened a PR.)
Guys, it seems like we've run into a bit of a conundrum: Judging from the commit log, imaplib2 is completely abandoned, with the last commit being a year ago...
This is starting to become a bigger issue, since OpenSSL 1.1.1 has now been backported to Ubuntu 18.04. Is there anyone who can help us get PR #6 merged and into Python patch releases? :-)
Please, read this comment. The changes are in the 'next' branch so they will likely be included in the next release of offlineimap.
Using the latest openssl (version 1.1.1), which supports TLS 1.3, imaplib2 fails to connect to (at least) GMail:
This is because imaplib2 does not support SNI, and Google returns an invalid certificate in that case. Copying from here:
Forcing TLS 1.2 works as expected: