#!/bin/cat
# $Id: FAQ.Security.txt,v 1.3 2016/01/18 18:14:12 gilles Exp gilles $

=======================================================
  Imapsync tips about security. Issues and solutions.
=======================================================


======================================================================
Q. Imapsync used to use SSL_VERIFY_PEER now it uses SSL_VERIFY_NONE.
   How can I change this back to the more secure SSL_VERIFY_PEER?


R1. In function "sub set_ssl", replace 
  IO::Socket::SSL::SSL_VERIFY_NONE()
by
  IO::Socket::SSL::SSL_VERIFY_PEER()

R2. After imapsync 1.673, for example
    to set SSL_verify_mode to SSL_VERIFY_PEER on host1
    and    SSL_verify_mode to SSL_VERIFY_NONE on host2

  imapsync ...  --ssl1 --ssl2  \
                --sslargs1 SSL_verify_mode=1 \
                --sslargs2 SSL_verify_mode=0 \

C1. Don't do this in function "sub set_tls" since it won't work by principle,
    tls is done AFTER the application level connexion is established