From a268946f8dc2504c849a38b4df89cddc0d12c706 Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Thu, 15 Aug 2024 15:34:33 +0000
Subject: [PATCH] fix: default to strict TLS checks if not configured

If user has not set any settings manually
and provider is not configured,
default to strict TLS checks.

Bug was introduced in
<https://github.com/deltachat/deltachat-core-rust/pull/5854>
(commit 6b4532a08e36d0a39aa24a2e94eb222d7f90a936)
and affects released core 1.142.4 and 1.142.5.

The problem only affects accounts configured
using these core versions with provider
not in the provider database or when using advanced settings.
---
 deltachat-rpc-client/tests/test_something.py | 13 +++++++++++++
 src/login_param.rs                           |  4 +---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/deltachat-rpc-client/tests/test_something.py b/deltachat-rpc-client/tests/test_something.py
index 0449c5beb..3a27e0f84 100644
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -3,6 +3,7 @@ import concurrent.futures
 import json
 import logging
 import os
+import socket
 import subprocess
 import time
 from unittest.mock import MagicMock
@@ -70,6 +71,18 @@ def test_configure_starttls(acfactory) -> None:
     assert account.is_configured()
 
 
+def test_configure_ip(acfactory) -> None:
+    account = acfactory.new_preconfigured_account()
+
+    domain = account.get_config("addr").rsplit("@")[-1]
+    ip_address = socket.gethostbyname(domain)
+
+    # This should fail TLS check.
+    account.set_config("mail_server", ip_address)
+    with pytest.raises(JsonRpcError):
+        account.configure()
+
+
 def test_account(acfactory) -> None:
     alice, bob = acfactory.get_online_accounts(2)
 
diff --git a/src/login_param.rs b/src/login_param.rs
index 35c86ec5c..a35f4ee00 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -265,9 +265,7 @@ impl LoginParam {
             | CertificateChecks::AcceptInvalidCertificates2 => Some(false),
         };
         let provider_strict_tls = self.provider.map(|provider| provider.opt.strict_tls);
-        user_strict_tls
-            .or(provider_strict_tls)
-            .unwrap_or(self.socks5_config.is_some())
+        user_strict_tls.or(provider_strict_tls).unwrap_or(true)
     }
 }