Hacker News new | past | comments | ask | show | jobs | submit login

Be default, yes: https://github.com/gaubert/gmvault/blob/master/src/gmv/imap_...

However, if I recall correctly, Python's built-in SSL support doesn't do certificate verification, so you're still completely open to man in the middle attacks.

That's a good point, and a tool like this probably really should be verifying the host.

(To the author) See http://stackoverflow.com/questions/1087227/validate-ssl-cert... for multiple options to accomplish this.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact