From 8595b92fcfd01bc22c7563bc89bbbc8d1df64dec Mon Sep 17 00:00:00 2001
From: holger krekel
Date: Mon, 11 Nov 2019 23:37:30 +0100
Subject: [PATCH] also make smtp respect CertificateChecks setting roughly
---
 src/imap_client.rs | 9 +++++----
 src/login_param.rs | 5 ++---
 src/smtp.rs | 7 ++-----
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/src/imap_client.rs b/src/imap_client.rs
index 582cd7f35..e517ffdea 100644
--- a/src/imap_client.rs
+++ b/src/imap_client.rs
@@ -6,9 +6,10 @@ use async_imap::{
 };
 use async_std::net::{self, TcpStream};
 use async_std::prelude::*;
+use async_std::sync::Arc;
 use async_tls::client::TlsStream;
-use crate::login_param::{dc_build_tls, CertificateChecks};
+use crate::login_param::{dc_build_tls_config, CertificateChecks};
 const DCC_IMAP_DEBUG: &str = "DCC_IMAP_DEBUG";
@@ -37,9 +38,9 @@ impl Client {
 certificate_checks: CertificateChecks,
 ) -> ImapResult {
 let stream = TcpStream::connect(addr).await?;
- let tls = dc_build_tls(certificate_checks);
- let tls_stream = tls.connect(domain.as_ref(), stream)?.await?;
-
+ let tls_config = dc_build_tls_config(certificate_checks);
+ let tls_connector: async_tls::TlsConnector = Arc::new(tls_config).into();
+ let tls_stream = tls_connector.connect(domain.as_ref(), stream)?.await?;
 let mut client = ImapClient::new(tls_stream);
 if std::env::var(DCC_IMAP_DEBUG).is_ok() {
 client.debug = true;
diff --git a/src/login_param.rs b/src/login_param.rs
index 4cab089fc..2b27964f7 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -4,7 +4,6 @@ use std::fmt;
 use crate::context::Context;
 use crate::error::Error;
 use async_std::sync::Arc;
-use async_tls;
 use rustls;
 use webpki;
@@ -269,7 +268,7 @@ impl rustls::ServerCertVerifier for NoCertificateVerification {
 }
 }
-pub fn dc_build_tls(certificate_checks: CertificateChecks) -> async_tls::TlsConnector {
+pub fn dc_build_tls_config(certificate_checks: CertificateChecks) -> rustls::ClientConfig {
 let mut config = rustls::ClientConfig::new();
 match certificate_checks {
 CertificateChecks::Strict => {}
@@ -293,7 +292,7 @@ pub fn dc_build_tls(certificate_checks: CertificateChecks) -> async_tls::TlsConn
 .set_certificate_verifier(Arc::new(NoCertificateVerification {}));
 }
 }
- Arc::new(config).into()
+ config
 }
 #[cfg(test)]
diff --git a/src/smtp.rs b/src/smtp.rs
index a9eaa2cb5..9f13594bf 100644
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -5,7 +5,7 @@ use crate::constants::*;
 use crate::context::Context;
 use crate::error::Error;
 use crate::events::Event;
-use crate::login_param::LoginParam;
+use crate::login_param::{dc_build_tls_config, LoginParam};
 use crate::oauth2::*;
 #[derive(DebugStub)]
@@ -65,10 +65,7 @@ impl Smtp {
 let domain = &lp.send_server;
 let port = lp.send_port as u16;
- let mut tls_config = rustls::ClientConfig::new();
- tls_config
- .root_store
- .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ let tls_config = dc_build_tls_config(lp.smtp_certificate_checks);
 let tls_parameters = ClientTlsParameters::new(domain.to_string(), tls_config);
 let (creds, mechanism) = if 0 != lp.server_flags & (DC_LP_AUTH_OAUTH2 as i32) {
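Review bot: In the two src/login_param.rs hunks, `dc_build_tls_config` never loads trust anchors on the `CertificateChecks::Strict` path: the visible lines go from `rustls::ClientConfig::new()` straight into the `match`, the `Strict` arm is empty, and the later hunk shows only `config` after the match closes. As far as I know `ClientConfig::new()` starts with an empty root store in this rustls API, so strict mode would reject every server certificate, and the src/smtp.rs hunk at `-65,10` removes the only visible `add_server_trust_anchors` call. I would add `config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);` directly after `ClientConfig::new()`. A strict mode that cannot connect pushes users toward the settings that install `NoCertificateVerification`, so a test that a `Strict` config has a non-empty root store is worth having; the arms between the two hunks are not shown.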
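Review bot: In the src/smtp.rs hunk at `-65,10`, `lp.smtp_certificate_checks` can now switch off server certificate verification for the SMTP connection, and the very next visible line builds `creds` for it; nothing at this call site records that. The src/login_param.rs hunk shows at least one arm installing `NoCertificateVerification`, in which case the password or OAuth2 token travels over TLS that authenticates no one. I would add above the new line `// Any setting other than CertificateChecks::Strict may disable certificate verification; the credentials below are then exposed to an on-path attacker.` and surface the relaxed setting in the connection log so it is visible during incident review. The enclosing function starts and ends outside this hunk.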