remove iroh underscore domain support for now.

2026-04-27 02:16:29 +03:00 · 2026-03-04 10:53:26 +01:00
parent 2ea45552e5
commit 7f222fa883
6 changed files with 22 additions and 618 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -67,7 +67,7 @@ hyper = "1"
 hyper-util = "0.1.16"
 image = { version = "0.25.6", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
 iroh-gossip = { version = "0.35", default-features = false, features = ["net"] }
-iroh = { version = "0.35", default-features = false, features = ["test-utils", "metrics"] }
+iroh = { version = "0.35", default-features = false }
 kamadak-exif = "0.6.1"
 libc = { workspace = true }
 mail-builder = { version = "0.4.4", default-features = false }
--- a/deltachat-rpc-client/tests/test_iroh_webxdc.py
+++ b/deltachat-rpc-client/tests/test_iroh_webxdc.py
@@ -17,6 +17,13 @@ import pytest
 from deltachat_rpc_client import EventType


+@pytest.fixture(autouse=True)
+def _xfail_underscore_domain():
+    domain = os.environ.get("CHATMAIL_DOMAIN", "")
+    if domain.startswith("_"):
+        pytest.xfail("Iroh tests are expected to fail on underscore domains (self-signed TLS certificates)")
+
+
@pytest.fixture
 def path_to_webxdc(request):
    p = request.path.parent.parent.parent.joinpath("test-data/webxdc/chess.xdc")
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -1016,7 +1016,6 @@ def test_configured_imap_certificate_checks(acfactory):

    # Certificate checks should be configured (not None)
    info = alice.get_info()
-    domain = alice.get_config("addr").split("@")[-1]
    assert "cert_automatic" in info.used_transport_settings

    # "cert_old_automatic" is the value old Delta Chat core versions used
--- a/deny.toml
+++ b/deny.toml
@@ -27,8 +27,6 @@ ignore = [
 skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "bitflags", version = "1.3.2" },
-     { name = "core-foundation", version = "0.9.4" },
-     { name = "core-foundation", version = "0.10.1" },
     { name = "derive_more-impl", version = "1.0.0" },
     { name = "derive_more", version = "1.0.0" },
     { name = "event-listener", version = "2.5.3" },
@@ -80,7 +78,6 @@ allow = [
    "BSD-3-Clause",
    "BSL-1.0", # Boost Software License 1.0
    "CC0-1.0",
-    "CDLA-Permissive-2.0",
    "ISC",
    "MIT",
    "MPL-2.0",
--- a/src/peer_channels.rs
+++ b/src/peer_channels.rs
@@ -238,21 +238,18 @@ impl Context {
        let secret_key = SecretKey::generate(rand_old::rngs::OsRng);
        let public_key = secret_key.public();

-        let (relay_mode, skip_relay_tls) = if let Some(relay_url) = self
+        let relay_mode = if let Some(relay_url) = self
            .metadata
            .read()
            .await
            .as_ref()
            .and_then(|conf| conf.iroh_relay.clone())
        {
-            // Underscore-prefixed domains use self-signed TLS certificates,
-            // so we need to skip relay certificate verification for them.
-            let skip = relay_url.host_str().is_some_and(|h| h.starts_with('_'));
-            (RelayMode::Custom(RelayUrl::from(relay_url).into()), skip)
+            RelayMode::Custom(RelayUrl::from(relay_url).into())
        } else {
            // FIXME: this should be RelayMode::Disabled instead.
            // Currently using default relays because otherwise Rust tests fail.
-            (RelayMode::Default, false)
+            RelayMode::Default
        };

        let endpoint = Endpoint::builder()
@@ -260,7 +257,6 @@ impl Context {
            .secret_key(secret_key)
            .alpns(vec![GOSSIP_ALPN.to_vec()])
            .relay_mode(relay_mode)
-            .insecure_skip_relay_cert_verify(skip_relay_tls)
            .bind()
            .await?;