Fix missing SSL hostname validation [MiM Vuln]

    fixes ConradIrwin#25

    Based on:
    lostisland/faraday@63cf47c
    igrigorik/em-http-request#339

** missing file

lib/em-imap/ssl_verifier.rb

@@ -0,0 +1,61 @@
+require 'openssl'
+
+module EventMachine
+  # Provides the ssl_verify_peer method to EM::IMAP::Connection to verify certificates
+  # for use in ssl connections
+  #
+  module IMAP
+    module Connection
+      def ssl_verify_peer(cert_string)
+        cert = nil
+        begin
+          cert = OpenSSL::X509::Certificate.new(cert_string)
+        rescue OpenSSL::X509::CertificateError
+          return false
+        end
+
+        @last_seen_cert = cert
+
+        if certificate_store.verify(@last_seen_cert)
+          begin
+            certificate_store.add_cert(@last_seen_cert)
+          rescue OpenSSL::X509::StoreError => e
+            raise e unless e.message == 'cert already in hash table'
+          end
+          true
+        else
+          raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
+        end
+      end
+
+      def ssl_handshake_completed
+        return true unless verify_peer?
+        unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
+          raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
+        else
+          true
+        end
+      end
+
+
+      def verify_peer?
+        true
+#        parent.connopts.tls[:verify_peer]
+      end
+
+      def certificate_store
+        @certificate_store ||= begin
+          store = OpenSSL::X509::Store.new
+          store.set_default_paths
+#          ca_file = parent.connopts.tls[:cert_chain_file]
+          ca_file = nil
+          store.add_file(ca_file) if ca_file
+          store
+        end
+
+
+      end
+    end
+  end
+end
+