Always check certificate when connecting over SOCKS5 in Automatic mode

There is a real risk of an active attack when connecting to non-.onion servers over Tor, as bad Tor exit nodes are cheap to set up. It's probably not needed for .onion domains, but we don't make an exception for now.
2026-05-05 06:16:30 +03:00 · 2021-09-04 20:06:10 +00:00
parent 5f065b245f
commit 7f819de49f
3 changed files with 10 additions and 3 deletions
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -109,7 +109,8 @@ impl Smtp {
            &lp.socks5_config,
            &lp.addr,
            lp.server_flags & DC_LP_AUTH_OAUTH2 != 0,
-            lp.provider.map_or(false, |provider| provider.strict_tls),
+            lp.provider
+                .map_or(lp.socks5_config.is_some(), |provider| provider.strict_tls),
        )
        .await
    }