RadicaleIMAP
Allow disabling TLS hostname verification
This adds a new configuration option to disable TLS hostname verification. This allows for configuring TLS to be on, but pointed at localhost, even though the IMAP server's TLS cert doesn't contain localhost as a SAN or CN.
I thought about writing this too, but concluded that I would never need this.
If connecting to localhost I don't really need encryption anyway, and in any case most servers have their name in /etc/hosts like mail.yourdomain.com 127.0.0.1, so I can just talk to its public address and TLS will work correctly; if my server doesn't have the right line there, it's just as easy to add that line as this extra config line.
And if connecting to a remote server with a self-signed cert, it's about equal effort to install it to /etc/ssl/certs the conventional way, rather than opening yourself up to MITM; either:
openssl s_client -connect mail.example.org:143 -starttls imap -showcerts | openssl x509 | sudo tee /etc/ssl/certs/mail.example.org.pem && sudo c_rehash
openssl s_client -connect mail.example.org:993 -showcerts | openssl x509 | sudo tee /etc/ssl/certs/mail.example.org.pem && sudo c_rehash
Funny, looks like the author wanted this feature at some point? https://github.com/Unrud/RadicaleIMAP/pull/1#discussion_r139309836
But in the 2022 version there's now no way to disable the hostname check, because every path uses ssl.create_default_context(), which implies cert verification:
https://github.com/Unrud/RadicaleIMAP/blob/8e3e6bbae5768db86cf9edad6f2c78b4c626e101/radicale_imap/init.py#L63-L72
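The difference between the two options discussed in this thread (pointing the client at a CA file holding the server's own cert, versus only skipping the SAN/CN match) is easy to see in Python's ssl module. The block below is an added example, not RadicaleIMAP's code; the function names are hypothetical and the `cafile` parameter stands in for the `/etc/ssl/certs` route from the earlier comment.

```python
import ssl
import imaplib
from typing import Optional

# Added example (not RadicaleIMAP code). Builds the TLS context an IMAP client
# hands to imaplib, starting from the create_default_context() defaults the
# 2022 code relies on. Function names are hypothetical.


def build_imap_tls_context(cafile: Optional[str] = None,
                           verify_hostname: bool = True) -> ssl.SSLContext:
    """Return an SSLContext for an IMAP-over-TLS connection.

    cafile: optional PEM bundle holding a private CA or the server's own
            self-signed certificate (the conventional alternative to turning
            checks off: the chain is then verified against that file).
    verify_hostname: False reproduces the option this PR proposes. The chain
            is still verified against the CA store; only the SAN/CN match is
            skipped, which is what lets a cert issued for mail.example.org
            be accepted when the client connects to 127.0.0.1.
    """
    # create_default_context() gives check_hostname=True and CERT_REQUIRED.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
                                     cafile=cafile)
    if not verify_hostname:
        # Order matters in the ssl module: check_hostname must be False
        # before verify_mode could ever be relaxed. Here verify_mode is left
        # at CERT_REQUIRED, so an unknown cert is still rejected.
        ctx.check_hostname = False
    return ctx


def policy(ctx: ssl.SSLContext) -> dict:
    """Summarise what the context will and will not verify."""
    return {
        "chain_verified": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_verified": bool(ctx.check_hostname),
    }


def open_imap(host: str, port: int = 993,
              **ctx_kwargs) -> imaplib.IMAP4_SSL:
    """Connect using the context above (network call; not run offline)."""
    ctx = build_imap_tls_context(**ctx_kwargs)
    return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)


if __name__ == "__main__":
    print("default:", policy(build_imap_tls_context()))
    print("PR option:", policy(build_imap_tls_context(verify_hostname=False)))
```

With `verify_hostname=False` the chain is still checked, so a server presenting a certificate the trust store does not know is rejected either way; only the name match is lost. Loading the server's cert through `cafile` keeps both checks and is the equivalent of the `/etc/ssl/certs` steps quoted above, scoped to this one client.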
As the IMAP plugin has now been merged into Radicale 3.4.1.dev by https://github.com/Kozea/Radicale/pull/1681, please open the PR against Radicale now.