Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-29 03:16:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add CertificateChecks::Automatic option and make it default

Browse Source 
It is the same as AcceptInvalidCertificates for now,
but can be replaced with better heuristics later,
such as a database of known providers or TOFU.
This commit is contained in:
Alexander Krotov
2019-09-30 02:25:05 +03:00
parent e222f49c9d
commit b8ca7b1591
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/login_param.rs
View File

@@ -7,6 +7,7 @@ use crate::error::Error;
#[derive(Debug, FromPrimitive)] #[derive(Debug, FromPrimitive)]
#[repr(i32)] #[repr(i32)]
pub enum CertificateChecks { pub enum CertificateChecks {
Automatic,
Strict, Strict,
AcceptInvalidHostnames, AcceptInvalidHostnames,
AcceptInvalidCertificates, AcceptInvalidCertificates,
@@ -14,7 +15,7 @@ pub enum CertificateChecks {
impl Default for CertificateChecks { impl Default for CertificateChecks {
fn default() -> Self { fn default() -> Self {
Self::AcceptInvalidCertificates Self::Automatic
} }
} }

7
src/smtp.rs
View File

@@ -70,6 +70,13 @@ impl Smtp {
let mut tls_builder = native_tls::TlsConnector::builder(); let mut tls_builder = native_tls::TlsConnector::builder();
let tls = match lp.send_certificate_checks { let tls = match lp.send_certificate_checks {
CertificateChecks::Automatic => {
// Same as AcceptInvalidCertificates for now.
// TODO: use provider database when it becomes available
tls_builder
.danger_accept_invalid_hostnames(true)
.danger_accept_invalid_certs(true)
}
CertificateChecks::Strict => &mut tls_builder, CertificateChecks::Strict => &mut tls_builder,
CertificateChecks::AcceptInvalidHostnames => { CertificateChecks::AcceptInvalidHostnames => {
tls_builder.danger_accept_invalid_hostnames(true) tls_builder.danger_accept_invalid_hostnames(true)