remove iroh underscore domain support for now.

Cargo.toml

@@ -67,7 +67,7 @@ hyper = "1"
 hyper-util = "0.1.16"
 image = { version = "0.25.6", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
 iroh-gossip = { version = "0.35", default-features = false, features = ["net"] }
-iroh = { version = "0.35", default-features = false, features = ["test-utils", "metrics"] }
+iroh = { version = "0.35", default-features = false }
 kamadak-exif = "0.6.1"
 libc = { workspace = true }
 mail-builder = { version = "0.4.4", default-features = false }

deltachat-rpc-client/tests/test_iroh_webxdc.py

@@ -17,6 +17,13 @@ import pytest
 from deltachat_rpc_client import EventType
 
 
+@pytest.fixture(autouse=True)
+def _xfail_underscore_domain():
+    domain = os.environ.get("CHATMAIL_DOMAIN", "")
+    if domain.startswith("_"):
+        pytest.xfail("Iroh tests are expected to fail on underscore domains (self-signed TLS certificates)")
+
+
 @pytest.fixture
 def path_to_webxdc(request):
     p = request.path.parent.parent.parent.joinpath("test-data/webxdc/chess.xdc")

deltachat-rpc-client/tests/test_something.py

@@ -1016,7 +1016,6 @@ def test_configured_imap_certificate_checks(acfactory):
 
     # Certificate checks should be configured (not None)
     info = alice.get_info()
-    domain = alice.get_config("addr").split("@")[-1]
     assert "cert_automatic" in info.used_transport_settings
 
     # "cert_old_automatic" is the value old Delta Chat core versions used

deny.toml

@@ -27,8 +27,6 @@ ignore = [
 skip = [
      { name = "async-channel", version = "1.9.0" },
      { name = "bitflags", version = "1.3.2" },
-     { name = "core-foundation", version = "0.9.4" },
-     { name = "core-foundation", version = "0.10.1" },
      { name = "derive_more-impl", version = "1.0.0" },
      { name = "derive_more", version = "1.0.0" },
      { name = "event-listener", version = "2.5.3" },
@@ -80,7 +78,6 @@ allow = [
     "BSD-3-Clause",
     "BSL-1.0", # Boost Software License 1.0
     "CC0-1.0",
-    "CDLA-Permissive-2.0",
     "ISC",
     "MIT",
     "MPL-2.0",

src/peer_channels.rs

@@ -238,21 +238,18 @@ impl Context {
         let secret_key = SecretKey::generate(rand_old::rngs::OsRng);
         let public_key = secret_key.public();
 
-        let (relay_mode, skip_relay_tls) = if let Some(relay_url) = self
+        let relay_mode = if let Some(relay_url) = self
             .metadata
             .read()
             .await
             .as_ref()
             .and_then(|conf| conf.iroh_relay.clone())
         {
-            // Underscore-prefixed domains use self-signed TLS certificates,
+            RelayMode::Custom(RelayUrl::from(relay_url).into())
-            // so we need to skip relay certificate verification for them.
-            let skip = relay_url.host_str().is_some_and(|h| h.starts_with('_'));
-            (RelayMode::Custom(RelayUrl::from(relay_url).into()), skip)
         } else {
             // FIXME: this should be RelayMode::Disabled instead.
             // Currently using default relays because otherwise Rust tests fail.
-            (RelayMode::Default, false)
+            RelayMode::Default
         };
 
         let endpoint = Endpoint::builder()
@@ -260,7 +257,6 @@ impl Context {
             .secret_key(secret_key)
             .alpns(vec![GOSSIP_ALPN.to_vec()])
             .relay_mode(relay_mode)
-            .insecure_skip_relay_cert_verify(skip_relay_tls)
             .bind()
             .await?;