Skip to content

Commit 0ab38f4

Browse files
miss-islingtonserhiy-storchakaclaude
authored
[3.15] gh-72507: Document that imaplib does not verify TLS certificates by default (GH-152778) (GH-152862)
IMAP4_SSL() and IMAP4.starttls() do not verify the server certificate or hostname unless a suitable ssl_context is passed. (cherry picked from commit f3bf8ab) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 58d92ac commit 0ab38f4

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

Doc/library/imaplib.rst

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,13 @@ There's also a subclass for secure connections:
8989
(potentially long-lived) structure. Please read :ref:`ssl-security` for
9090
best practices.
9191

92+
.. note::
93+
94+
With the default *ssl_context*, the connection is encrypted but the
95+
server certificate and hostname are not verified.
96+
To verify them, pass a context created by
97+
:func:`ssl.create_default_context`.
98+
9299
The optional *timeout* parameter specifies a timeout in seconds for the
93100
connection attempt. If timeout is not given or is ``None``, the global default
94101
socket timeout is used.
@@ -581,6 +588,13 @@ An :class:`IMAP4` instance has the following methods:
581588
encryption on the IMAP connection. Please read :ref:`ssl-security` for
582589
best practices.
583590

591+
.. note::
592+
593+
With the default *ssl_context*, the connection is encrypted but the
594+
server certificate and hostname are not verified.
595+
To verify them, pass a context created by
596+
:func:`ssl.create_default_context`.
597+
584598
.. versionadded:: 3.2
585599

586600
.. versionchanged:: 3.4

0 commit comments

Comments
 (0)