I'm using imaplib and poplib to perform email collection using IMAPS and POP3S for a secure connection. But from what I've been able to determine, neither library uses a CA to confirm the validity of the certificate received. It this true? If it is, is it possible to set imaplib or poplib to use a CA?
If it's not true and they do use a CA, can someone please tell me how imaplib/poplib do it?
Thanks.
A quick check of imaplib.py shows that it uses ssl.wrap_socket() to implement the IMAP_SSL() call. The call to wrap_socket() call only provides 3-parameters, and does not pass the required parameter ca_cert which is what you need to validate the CA.
You could inherit from IMAP4_SSL, and override the open() method to pass in the required ca_cert. Check out http://docs.python.org/library/ssl.html for more info.
Perhaps something like:
class IMAP4_SSL_CA_CHECKER(IMAP4_SSL):
def open(self, host = '', port = IMAP4_SSL_PORT, ca_certs = None):
self.host = host
self.port = port
self.sock = socket.create_connection((host, port))
self.sslobj = ssl.wrap_socket(self.sock, self.keyfile,
self.certificate, ca_certs=ca_certs)
self.file = self.sslobj.makefile('rb')