Use mail_certificate_checks configuration in imap.rs

src/imap.rs

@@ -11,7 +11,7 @@ use crate::dc_receive_imf::dc_receive_imf;
 use crate::error::Error;
 use crate::events::Event;
 use crate::job::{connect_to_inbox, job_add, Action};
-use crate::login_param::LoginParam;
+use crate::login_param::{CertificateChecks, LoginParam};
 use crate::message::{self, update_msg_move_state, update_server_uid};
 use crate::oauth2::dc_get_oauth2_access_token;
 use crate::param::Params;
@@ -108,14 +108,28 @@ impl Client {
     pub fn connect_secure<A: net::ToSocketAddrs, S: AsRef<str>>(
         addr: A,
         domain: S,
+        certificate_checks: CertificateChecks,
     ) -> imap::error::Result<Self> {
         let stream = net::TcpStream::connect(addr)?;
-        let tls = native_tls::TlsConnector::builder()
-            // see also: https://github.com/deltachat/deltachat-core-rust/issues/203
-            .danger_accept_invalid_certs(true)
-            .danger_accept_invalid_hostnames(true)
-            .build()
-            .unwrap();
+        let mut tls_builder = native_tls::TlsConnector::builder();
+        let tls = match certificate_checks {
+            CertificateChecks::Automatic => {
+                // Same as AcceptInvalidCertificates for now.
+                // TODO: use provider database when it becomes available
+                tls_builder
+                    .danger_accept_invalid_hostnames(true)
+                    .danger_accept_invalid_certs(true)
+            }
+            CertificateChecks::Strict => &mut tls_builder,
+            CertificateChecks::AcceptInvalidHostnames => {
+                tls_builder.danger_accept_invalid_hostnames(true)
+            }
+            CertificateChecks::AcceptInvalidCertificates => tls_builder
+                .danger_accept_invalid_hostnames(true)
+                .danger_accept_invalid_certs(true),
+        }
+        .build()
+        .unwrap();
 
         let s = stream.try_clone().expect("cloning the stream failed");
         let tls_stream = native_tls::TlsConnector::connect(&tls, domain.as_ref(), s)?;
@@ -321,6 +335,7 @@ struct ImapConfig {
     pub imap_port: u16,
     pub imap_user: String,
     pub imap_pw: String,
+    pub certificate_checks: CertificateChecks,
     pub server_flags: usize,
     pub selected_folder: Option<String>,
     pub selected_mailbox: Option<imap::types::Mailbox>,
@@ -339,6 +354,7 @@ impl Default for ImapConfig {
             imap_port: 0,
             imap_user: "".into(),
             imap_pw: "".into(),
+            certificate_checks: Default::default(),
             server_flags: 0,
             selected_folder: None,
             selected_mailbox: None,
@@ -407,7 +423,11 @@ impl Imap {
                 let imap_server: &str = config.imap_server.as_ref();
                 let imap_port = config.imap_port;
 
-                Client::connect_secure((imap_server, imap_port), imap_server)
+                Client::connect_secure(
+                    (imap_server, imap_port),
+                    imap_server,
+                    config.certificate_checks,
+                )
             };
 
         let login_res = match connection_res {
@@ -534,6 +554,7 @@ impl Imap {
             config.imap_port = imap_port;
             config.imap_user = imap_user.to_string();
             config.imap_pw = imap_pw.to_string();
+            config.certificate_checks = lp.mail_certificate_checks;
             config.server_flags = server_flags;
         }
 

src/login_param.rs

@@ -4,7 +4,7 @@ use std::fmt;
 use crate::context::Context;
 use crate::error::Error;
 
-#[derive(Debug, FromPrimitive)]
+#[derive(Copy, Clone, Debug, FromPrimitive)]
 #[repr(i32)]
 pub enum CertificateChecks {
     Automatic,