feat: allow TLS connections with invalid certificate if the key is unchanged

This change weakens TLS checks. Every time we make a successful TLS connection, we remember public key hash from the certificate in relation to the hostname. If later we connect to the same hostname and the public key does not change, we skip checking certificate chain. This way we will still connect successfully even if certificate expires or becomes invalid for another reason, but keeps the key. We always check that certificate corresponds to the hostname. We also do this for certificates starting with _ where we allow self-signed certificates, so self-signed certificates with mismatching domains are not allowed. Previously we did not check this for domains starting with _.
2026-04-26 18:06:35 +03:00 · 2026-03-29 17:47:12 +02:00
parent 7daa6cc8d9
commit 82924952fb
11 changed files with 338 additions and 32 deletions
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -2360,6 +2360,22 @@ ALTER TABLE contacts ADD COLUMN name_normalized TEXT;
        .await?;
    }

+    inc_and_check(&mut migration_version, 151)?;
+    if dbversion < migration_version {
+        sql.execute_migration(
+            "CREATE TABLE tls_spki (
+               host TEXT NOT NULL UNIQUE,
+               spki_hash TEXT NOT NULL, -- base64 of SPKI SHA-256 hash
+               timestamp INTEGER NOT NULL -- timestamp of the last time we have seen this key
+             ) STRICT;
+             -- Index on host column is created implicitly because of UNIQUE constraint.
+             CREATE INDEX tls_spki_index_timestamp ON tls_spki (timestamp);
+            ",
+            migration_version,
+        )
+        .await?;
+    }
+
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?