🔒 Add Net::IMAP#tls_verified?

Returns true after the TLS negotiation has completed and the remote hostname has been verified. This can be useful, e.g. a project may require automated safeguards against selecting particular SASL mechanisms—or against authenticating at all—when TLS hasn't been established and the peer verified.
ruby · Dec 22, 2022 · b4e3004 · b4e3004
1 parent 217097b
commit b4e3004
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
@@ -419,6 +419,11 @@ def disconnected?
       return @sock.closed?
     end
 
+    # Returns true after the TLS negotiation has completed and the remote
+    # hostname has been verified.  This will still be false if TLS was
+    # established but peer verification was disabled.
+    def tls_verified?; @tls_verified end
+
     # Sends a CAPABILITY command, and returns an array of
     # capabilities that the server supports.  Each capability
     # is a string.  See [IMAP] for a list of possible
@@ -1303,6 +1308,7 @@ def initialize(host, port_or_options = {},
       @tagno = 0
       @open_timeout = options[:open_timeout] || 30
       @idle_response_timeout = options[:idle_response_timeout] || 5
+      @tls_verified = false
       @parser = ResponseParser.new
       @sock = tcp_socket(@host, @port)
       begin
@@ -1655,6 +1661,7 @@ def start_tls_session(params = {})
       ssl_socket_connect(@sock, @open_timeout)
       if context.verify_mode != VERIFY_NONE
         @sock.post_connection_check(@host)
+        @tls_verified = true
       end
     end