Add support for ssl client certificates

  This patch adds sslclientcert and sslclientkey configuration
  options which are passed through to imaplib in order to allow
  the use of client certificates for authentication.

Tue Nov 13 14:44:17 CST 2007  Mark Hymers <mhy@debian.org>

diff --git a/offlineimap.conf b/offlineimap.conf
index e7b80a88c27241d15e0296ac817f4aefeec9fa1d..996fe7a900131ef3e557f9658529471b8161b13a 100644 (file)
--- a/offlineimap.conf
+++ b/offlineimap.conf
@@ -221,6 +221,12 @@ remotehost = examplehost
 # Whether or not to use SSL.
 ssl = yes
 
+# SSL Client certificate (optional)
+# sslclientcert = /path/to/file.crt
+
+# SSL Client key (optional)
+# sslclientkey = /path/to/file.key
+
 # Specify the port.  If not specified, use a default port.
 # remoteport = 993
 

diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index 4e37ece334e6cfc8dad8a566e24d9b24034cce37..7d99e19de2c7e9d6b13aa36f88db25ea425ab62a 100644 (file)
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -72,7 +72,7 @@ class IMAPServer:
     def __init__(self, config, reposname,
                  username = None, password = None, hostname = None,
                  port = None, ssl = 1, maxconnections = 1, tunnel = None,
-                 reference = '""'):
+                 reference = '""', sslclientcert = None, sslclientkey = None):
         self.reposname = reposname
         self.config = config
         self.username = username
@@ -83,6 +83,8 @@ class IMAPServer:
         self.tunnel = tunnel
         self.port = port
         self.usessl = ssl
+        self.sslclientcert = sslclientcert
+        self.sslclientkey = sslclientkey
         self.delim = None
         self.root = None
         if port == None:
@@ -218,7 +220,8 @@ class IMAPServer:
                 success = 1
             elif self.usessl:
                 UIBase.getglobalui().connecting(self.hostname, self.port)
-                imapobj = UsefulIMAP4_SSL(self.hostname, self.port)
+                imapobj = UsefulIMAP4_SSL(self.hostname, self.port,
+                                          self.sslclientkey, self.sslclientcert)
             else:
                 UIBase.getglobalui().connecting(self.hostname, self.port)
                 imapobj = UsefulIMAP4(self.hostname, self.port)
@@ -360,6 +363,8 @@ class ConfigedIMAPServer(IMAPServer):
             user = self.repos.getuser()
             port = self.repos.getport()
             ssl = self.repos.getssl()
+            sslclientcert = self.repos.getsslclientcert()
+            sslclientkey = self.repos.getsslclientkey()
         reference = self.repos.getreference()
         server = None
         password = None
@@ -379,4 +384,6 @@ class ConfigedIMAPServer(IMAPServer):
             IMAPServer.__init__(self, self.config, self.repos.getname(),
                                 user, password, host, port, ssl,
                                 self.repos.getmaxconnections(),
-                                reference = reference)
+                                reference = reference,
+                                sslclientcert = sslclientcert,
+                                sslclientkey = sslclientkey)

diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py
index 85870406853ebffc7505291f1baf4d088296c300..e5be9eefaf4d24c4bdad3d3be5da96a3e95bd534 100644 (file)
--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@@ -125,6 +125,12 @@ class IMAPRepository(BaseRepository):
     def getssl(self):
         return self.getconfboolean('ssl', 0)
 
+    def getsslclientcert(self):
+        return self.getconf('sslclientcert', None)
+
+    def getsslclientkey(self):
+        return self.getconf('sslclientkey', None)
+
     def getpreauthtunnel(self):
         return self.getconf('preauthtunnel', None)