You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
software was altered, in order to use the systems SSL-Context as
default.
It allows to toggle the use of the SSL-Default Context. It does not
allow to use a custom context.
Considerations:
* If No SSL-Validation should be done, the ImboxClass should be adapted, in
order to achieve configuration of the ssl-context. This commit does not
contain this alteration.
Other Changes:
* Reformatted long lines
Hi Folks,
from my Impression current imbox does not validate SSL/TLS certificates.
https://github.com/martinrusev/imbox/blob/master/imbox/imap.py#L21
calls
IMAP4_SSL
default constructor which looks like:As you can see at
ssl_context=None
. This default configuration does not validate SSL/TLS certificates!Using the default configuration makes software using Imbox vulnerable!
Idea to solve this problem (untested sketch code!)
Issuetrace: certtools/intelmq#532
The text was updated successfully, but these errors were encountered: