Add CertificateChecks::Automatic option and make it default

It is the same as AcceptInvalidCertificates for now, but can be replaced with better heuristics later, such as a database of known providers or TOFU.
2026-04-19 14:36:29 +03:00 · 2019-09-30 02:25:05 +03:00
parent e222f49c9d
commit b8ca7b1591
2 changed files with 9 additions and 1 deletions
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -70,6 +70,13 @@ impl Smtp {

        let mut tls_builder = native_tls::TlsConnector::builder();
        let tls = match lp.send_certificate_checks {
+            CertificateChecks::Automatic => {
+                // Same as AcceptInvalidCertificates for now.
+                // TODO: use provider database when it becomes available
+                tls_builder
+                    .danger_accept_invalid_hostnames(true)
+                    .danger_accept_invalid_certs(true)
+            }
            CertificateChecks::Strict => &mut tls_builder,
            CertificateChecks::AcceptInvalidHostnames => {
                tls_builder.danger_accept_invalid_hostnames(true)