Hacker News new | comments | show | ask | jobs | submit login

Be default, yes: https://github.com/gaubert/gmvault/blob/master/src/gmv/imap_...

However, if I recall correctly, Python's built-in SSL support doesn't do certificate verification, so you're still completely open to man in the middle attacks.




That's a good point, and a tool like this probably really should be verifying the host.

(To the author) See http://stackoverflow.com/questions/1087227/validate-ssl-cert... for multiple options to accomplish this.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: