From 063d98922530fa55770c52e17befc7f067d292a0 Mon Sep 17 00:00:00 2001 From: Alexander Krotov Date: Mon, 30 Sep 2019 02:49:33 +0300 Subject: [PATCH] Use mail_certificate_checks configuration in imap.rs --- src/imap.rs | 37 +++++++++++++++++++++++++++++-------- src/login_param.rs | 2 +- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/src/imap.rs b/src/imap.rs index 9380421bd..b1552fd0f 100644 --- a/src/imap.rs +++ b/src/imap.rs @@ -11,7 +11,7 @@ use crate::dc_receive_imf::dc_receive_imf; use crate::error::Error; use crate::events::Event; use crate::job::{connect_to_inbox, job_add, Action}; -use crate::login_param::LoginParam; +use crate::login_param::{CertificateChecks, LoginParam}; use crate::message::{self, update_msg_move_state, update_server_uid}; use crate::oauth2::dc_get_oauth2_access_token; use crate::param::Params; 
@@ -108,14 +108,28 @@ impl Client { pub fn connect_secure>( addr: A, domain: S, + certificate_checks: CertificateChecks, ) -> imap::error::Result { let stream = net::TcpStream::connect(addr)?; - let tls = native_tls::TlsConnector::builder() - // see also: https://github.com/deltachat/deltachat-core-rust/issues/203 - .danger_accept_invalid_certs(true) - .danger_accept_invalid_hostnames(true) - .build() - .unwrap(); + let mut tls_builder = native_tls::TlsConnector::builder(); + let tls = match certificate_checks { + CertificateChecks::Automatic => { + // Same as AcceptInvalidCertificates for now. + // TODO: use provider database when it becomes available + tls_builder + .danger_accept_invalid_hostnames(true) + .danger_accept_invalid_certs(true) + } + CertificateChecks::Strict => &mut tls_builder, + CertificateChecks::AcceptInvalidHostnames => { + tls_builder.danger_accept_invalid_hostnames(true) + } + CertificateChecks::AcceptInvalidCertificates => tls_builder + .danger_accept_invalid_hostnames(true) + .danger_accept_invalid_certs(true), + } + .build() + .unwrap(); let s = stream.try_clone().expect("cloning the stream failed"); let tls_stream = native_tls::TlsConnector::connect(&tls, domain.as_ref(), s)?; @@ -321,6 +335,7 @@ struct ImapConfig { pub imap_port: u16, pub imap_user: String, pub imap_pw: String, + pub certificate_checks: CertificateChecks, pub server_flags: usize, pub selected_folder: Option, pub selected_mailbox: Option, @@ -339,6 +354,7 @@ impl Default for ImapConfig { imap_port: 0, imap_user: "".into(), imap_pw: "".into(), + certificate_checks: Default::default(), server_flags: 0, selected_folder: None, selected_mailbox: None, @@ -407,7 +423,11 @@ impl Imap { let imap_server: &str = config.imap_server.as_ref(); let imap_port = config.imap_port; - Client::connect_secure((imap_server, imap_port), imap_server) + Client::connect_secure( + (imap_server, imap_port), + imap_server, + config.certificate_checks, + ) }; let login_res = match connection_res { 
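Review bot: The `CertificateChecks::Automatic` arm in `connect_secure` still sets both `danger_accept_invalid_hostnames(true)` and `danger_accept_invalid_certs(true)`, so any account left on Automatic gets a TLS session with no server authentication, and the IMAP login that follows is readable by whoever terminates the connection. `ImapConfig::default()` fills the field with `Default::default()`; that impl is not part of this patch, but if it yields Automatic, fail-open stays the out-of-the-box behaviour. Until the provider database exists, I would fold the duplicated arm into one pattern so the two cannot drift, `CertificateChecks::Automatic | CertificateChecks::AcceptInvalidCertificates => tls_builder.danger_accept_invalid_hostnames(true).danger_accept_invalid_certs(true),`, and make the comment explicit: `// Automatic performs NO certificate or hostname validation until the provider database lands`. The `.build().unwrap()` kept after the match can also panic inside a function that returns `imap::error::Result`. The body of `connect_secure` continues past the end of the hunk.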
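Review bot: Only the `Client::connect_secure(...)` call is given `config.certificate_checks` here, and the closing `};` suggests it is one branch of a larger conditional whose other branch lies outside the hunk. If imap.rs also upgrades a plain connection via STARTTLS with its own `TlsConnector` (not visible in this patch), that path is untouched and would keep whatever verification settings it already had. A user who selects `Strict` would then be protected only on the implicit-TLS path. Worth confirming, and if so either threading `certificate_checks` through that path too or stating the limitation at this call, e.g. `// certificate_checks is honoured for implicit TLS only`.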
@@ -534,6 +554,7 @@ impl Imap { config.imap_port = imap_port; config.imap_user = imap_user.to_string(); config.imap_pw = imap_pw.to_string(); + config.certificate_checks = lp.mail_certificate_checks; config.server_flags = server_flags; } diff --git a/src/login_param.rs b/src/login_param.rs index e71cdee92..c2cf0e09e 100644 --- a/src/login_param.rs +++ b/src/login_param.rs @@ -4,7 +4,7 @@ use std::fmt; use crate::context::Context; use crate::error::Error; -#[derive(Debug, FromPrimitive)] +#[derive(Copy, Clone, Debug, FromPrimitive)] #[repr(i32)] pub enum CertificateChecks { Automatic,