diff --git a/deltachat-ffi/deltachat.h b/deltachat-ffi/deltachat.h
index 560154134..8159e87d5 100644
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -3793,9 +3793,10 @@ int64_t dc_lot_get_timestamp (const dc_lot_t* lot);
 */
 /**
- * Configure certificate checks automatically.
+ * Accept invalid certificates, including self-signed ones
+ * or having incorrect hostname.
 */
-#define DC_CERTCK_AUTO 0
+#define DC_CERTCK_ACCEPT_INVALID_CERTIFICATES 0
 /**
 * Strictly check TLS certificates;
@@ -3803,12 +3804,6 @@ int64_t dc_lot_get_timestamp (const dc_lot_t* lot);
 */
 #define DC_CERTCK_STRICT 1
-/**
- * Accept invalid certificates, including self-signed ones
- * or having incorrect hostname.
- */
-#define DC_CERTCK_ACCEPT_INVALID_CERTIFICATES 3
-
 /**
 * @}
 */
diff --git a/python/src/deltachat/const.py b/python/src/deltachat/const.py
index 20139ef44..45a95a3e0 100644
--- a/python/src/deltachat/const.py
+++ b/python/src/deltachat/const.py
@@ -68,9 +68,8 @@ DC_LP_IMAP_SOCKET_PLAIN = 0x400
 DC_LP_SMTP_SOCKET_STARTTLS = 0x10000
 DC_LP_SMTP_SOCKET_SSL = 0x20000
 DC_LP_SMTP_SOCKET_PLAIN = 0x40000
-DC_CERTCK_AUTO = 0
+DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 0
 DC_CERTCK_STRICT = 1
-DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 3
 DC_EMPTY_MVBOX = 0x01
 DC_EMPTY_INBOX = 0x02
 DC_EVENT_INFO = 100
diff --git a/src/login_param.rs b/src/login_param.rs
index 7309a90ad..d7d9a9647 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -9,19 +9,21 @@ use crate::context::Context;
 #[repr(i32)]
 #[strum(serialize_all = "snake_case")]
 pub enum CertificateChecks {
- Automatic = 0,
+ AcceptInvalidCertificates = 0,
 Strict = 1,
 /// Same as AcceptInvalidCertificates
 /// Previously known as AcceptInvalidHostnames, now deprecated.
 AcceptInvalidCertificates2 = 2,
- AcceptInvalidCertificates = 3,
+ /// Same as AcceptInvalidCertificates
+ /// Deprecated.
+ AcceptInvalidCertificates3 = 3,
 }
 impl Default for CertificateChecks {
 fn default() -> Self {
- Self::Automatic
+ Self::Strict
 }
 }
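Review bot: The comment on `DC_CERTCK_ACCEPT_INVALID_CERTIFICATES` does not tell embedders that 0, the value a zero-initialised or never-assigned integer carries, now names the mode without certificate or hostname verification; the same renumbering is mirrored in python/src/deltachat/const.py. I would extend the comment with ` * Disables TLS certificate and hostname verification, so the server is not authenticated.` and ` * Values 2 and 3 are deprecated aliases of this value.` The second line follows from the enum in src/login_param.rs in this commit, which keeps both discriminants. Code that still refers to `DC_CERTCK_AUTO` will no longer compile, which looks intended but is not stated anywhere in the header.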
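Review bot: `Default` now yields `Strict`, but discriminant 0 is `AcceptInvalidCertificates`, so a configuration that already stores 0 (formerly `Automatic`, which the removed arm in `dc_build_tls` treated as permissive) keeps verification off after the upgrade; only values that are unset pick up the stricter default. If that is the intended migration, it should be recorded on the variant, which is the only one in the enum without a doc comment: `/// Disables certificate and hostname verification. Stored value 0 was previously named Automatic.` How stored integers are converted into this enum is not visible in the hunk, so the result for an out-of-range value is worth confirming.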
@@ -280,16 +282,8 @@ fn get_readable_flags(flags: i32) -> String {
 pub fn dc_build_tls(certificate_checks: CertificateChecks) -> async_native_tls::TlsConnector {
 let tls_builder = async_native_tls::TlsConnector::new();
 match certificate_checks {
- CertificateChecks::Automatic => {
- // Same as AcceptInvalidCertificates for now.
- // TODO: use provider database when it becomes available
- tls_builder
- .danger_accept_invalid_hostnames(true)
- .danger_accept_invalid_certs(true)
- }
 CertificateChecks::Strict => tls_builder,
- CertificateChecks::AcceptInvalidCertificates
- | CertificateChecks::AcceptInvalidCertificates2 => tls_builder
+ _ => tls_builder
 .danger_accept_invalid_hostnames(true)
 .danger_accept_invalid_certs(true),
 }
@@ -303,6 +297,8 @@ mod tests {
 fn test_certificate_checks_display() {
 use std::string::ToString;
+ assert_eq!("strict".to_string(), CertificateChecks::Strict.to_string());
+
 assert_eq!(
 "accept_invalid_certificates".to_string(),
 CertificateChecks::AcceptInvalidCertificates.to_string()
diff --git a/src/provider/data.rs b/src/provider/data.rs
index 3f5fbb058..83e078695 100644
--- a/src/provider/data.rs
+++ b/src/provider/data.rs
@@ -177,6 +177,8 @@ lazy_static::lazy_static! {
 ConfigDefault { key: Config::MvboxMove, value: "0" },
 ConfigDefault { key: Config::E2eeEnabled, value: "0" },
 ConfigDefault { key: Config::MediaQuality, value: "1" },
+ ConfigDefault { key: Config::ImapCertificateChecks, value: "0" },
+ ConfigDefault { key: Config::SmtpCertificateChecks, value: "0" },
 ]),
 };
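Review bot: The `_ =>` arm in `dc_build_tls` makes the match fail open: any variant added to `CertificateChecks` later will silently receive `danger_accept_invalid_hostnames(true)` and `danger_accept_invalid_certs(true)`. Naming the permissive variants keeps the match exhaustive, so the compiler forces an explicit decision for each new variant: `CertificateChecks::AcceptInvalidCertificates | CertificateChecks::AcceptInvalidCertificates2 | CertificateChecks::AcceptInvalidCertificates3 => tls_builder`. The function's closing brace lies outside the hunk.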
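Review bot: No assertion pins the new default, which is the security-relevant part of this commit, so a later edit to `impl Default` could return to a permissive mode without any test failing. Adding `assert_eq!("strict".to_string(), CertificateChecks::default().to_string());` beside the new assertion would cover it and needs only `to_string`, which this test already relies on. The test function continues past the end of the hunk.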
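Review bot: The two added entries set `ImapCertificateChecks` and `SmtpCertificateChecks` to "0", which after this commit means `AcceptInvalidCertificates`, so this provider's IMAP and SMTP connections skip certificate and hostname verification by default. Nothing in the hunk records why the exception is needed; a comment such as `// "0" = CertificateChecks::AcceptInvalidCertificates; reason: <why this provider cannot pass validation>` would make it auditable and easier to remove once the provider's certificates validate. The provider this block belongs to is named above the hunk and is not visible here. If this file is generated, the comment belongs in the generator's input instead.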