From b8ca7b1591b5bfca509bdbb61a514d9180d8a1d7 Mon Sep 17 00:00:00 2001
From: Alexander Krotov
Date: Mon, 30 Sep 2019 02:25:05 +0300
Subject: [PATCH] Add CertificateChecks::Automatic option and make it default
It is the same as AcceptInvalidCertificates for now, but can be replaced with better heuristics later, such as a database of known providers or TOFU.
---
 src/login_param.rs | 3 ++-
 src/smtp.rs | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/login_param.rs b/src/login_param.rs
index bc0553dff..e71cdee92 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -7,6 +7,7 @@ use crate::error::Error;
 #[derive(Debug, FromPrimitive)]
 #[repr(i32)]
 pub enum CertificateChecks {
+ Automatic,
 Strict,
 AcceptInvalidHostnames,
 AcceptInvalidCertificates,
@@ -14,7 +15,7 @@ pub enum CertificateChecks {
 impl Default for CertificateChecks {
 fn default() -> Self {
- Self::AcceptInvalidCertificates
+ Self::Automatic
 }
 }
diff --git a/src/smtp.rs b/src/smtp.rs
index 34030f1a4..e2a3d8d1c 100644
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -70,6 +70,13 @@ impl Smtp {
 let mut tls_builder = native_tls::TlsConnector::builder();
 let tls = match lp.send_certificate_checks {
+ CertificateChecks::Automatic => {
+ // Same as AcceptInvalidCertificates for now.
+ // TODO: use provider database when it becomes available
+ tls_builder
+ .danger_accept_invalid_hostnames(true)
+ .danger_accept_invalid_certs(true)
+ }
 CertificateChecks::Strict => &mut tls_builder,
 CertificateChecks::AcceptInvalidHostnames => {
 tls_builder.danger_accept_invalid_hostnames(true)
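Review bot: Inserting `Automatic` ahead of `Strict` in this `#[repr(i32)]` enum renumbers every existing variant, so `Strict` moves from 0 to 1 and `Automatic` takes 0. The `FromPrimitive` derive suggests these integers are read back from stored configuration (the loading code is not in this patch); if so, an account saved as `Strict` would silently load as `Automatic`, which the smtp.rs hunk maps to no certificate or hostname verification. Pin the discriminants explicitly, starting with `Automatic = 0,`, and add a comment such as `// Values are persisted; never renumber, only append.`; if the old numbering has already shipped, keep it and give `Automatic` a new value or migrate stored settings. The enum's closing brace is outside the hunk.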
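Review bot: The new `Automatic` arm turns off both certificate and hostname verification, and with the `Default` change in login_param.rs it is what every unconfigured account gets, so the SMTP session is encrypted but the server is never authenticated. The name `Automatic` hides that, and the in-code comment only points at another variant; state the consequence at the arm, e.g. `// SECURITY: no certificate or hostname verification here; the server is not authenticated.`, and tie the TODO to a tracking issue so the placeholder does not become permanent. Since the commit message says the behaviour equals `AcceptInvalidCertificates`, an or-pattern `CertificateChecks::Automatic | CertificateChecks::AcceptInvalidCertificates => {` would keep the two from drifting apart, assuming that arm (below the hunk, not visible) has the same body. The `match` continues outside the hunk.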