Allow the user to supply a custom ssl context

The new ImapTransport parameter ssl_context replaces the usesslcontext
parameter and allows the user to supply their own ssl context object. If
ssl_context is not given, but ssl is true, python's default ssl context
is used. That default context is the one that actually does some
certificate checks, such as whether the hostname matches the names given
in the server's certificate, unlike the default context used by
IMAP4_SSL when instantiated with ssl_context=None, which does no
certificate checks at all.

The Imbox class is extended with the same ssl_context parameter which is
simply passed through to ImapTransport.

This commit together with the previous commits from Dustin Demuth
changes Imbox in a slightly incompatible way: SSL-Certificates are now
checked by default whereas before they were not checked at all. This
improves security substantially but users need to be aware that working
programs might start raising exceptions due to failing certificate
checks.
Bernhard Herzog
2016-06-02 12:46:26 +02:00
parent adfbc2f3f2
commit ad085d9b82
2 changed files with 8 additions and 4 deletions


@@ -8,9 +8,11 @@ logger = logging.getLogger(__name__)
class Imbox(object):
def __init__(self, hostname, username=None, password=None, ssl=True, port=None):
def __init__(self, hostname, username=None, password=None, ssl=True,
port=None, ssl_context=None):
self.server = ImapTransport(hostname, ssl=ssl, port=port)
self.server = ImapTransport(hostname, ssl=ssl, port=port,
ssl_context=None)
self.hostname = hostname
self.username = username
self.password = password
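Review bot: The `ssl_context` parameter added to `Imbox.__init__` never reaches the transport, because the new `ImapTransport(...)` call passes the literal `ssl_context=None` rather than the argument. A caller who supplies a context with a stricter policy (a private CA bundle, a minimum TLS version) gets Python's default context instead, with no error to indicate that the argument was ignored. The call should end with `ssl_context=ssl_context)`; a unit test asserting that the object handed to `Imbox` is the one `ImapTransport` receives would catch a regression. The rest of `__init__` lies outside the hunk.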


@@ -8,7 +8,7 @@ logger = logging.getLogger(__name__)
class ImapTransport(object):
def __init__(self, hostname, port=None, ssl=True, usesslcontext=True):
def __init__(self, hostname, port=None, ssl=True, ssl_context=None):
self.hostname = hostname
self.port = port
kwargs = {}
@@ -17,7 +17,9 @@ class ImapTransport(object):
self.transport = IMAP4_SSL
if not self.port:
self.port = 993
kwargs["ssl_context"] = pythonssllib.create_default_context()
if ssl_context is None:
ssl_context = pythonssllib.create_default_context()
kwargs["ssl_context"] = ssl_context
else:
self.transport = IMAP4
if not self.port:
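Review bot: In the `else` branch of the second hunk a caller-supplied `ssl_context` is dropped without notice: with `ssl=False` the transport is plain `IMAP4` and `kwargs` never receives the context, so a caller who passes `ssl=False` together with a context connects unencrypted. Rejecting that combination up front, e.g. `if not ssl and ssl_context is not None: raise ValueError("ssl_context requires ssl=True")`, would make the mistake visible. The constructor also has no docstring; it should state that `ssl_context=None` selects `create_default_context()` (certificate and hostname verification on) and that a supplied context is used as-is, so its verification settings are the caller's responsibility. `__init__` continues past the end of the hunk, so this is based on the visible lines only.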