diff --git a/src/imap.rs b/src/imap.rs
index ec6addb9b..ff1c32b0e 100644
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -11,7 +11,7 @@ use crate::dc_receive_imf::dc_receive_imf;
 use crate::error::Error;
 use crate::events::Event;
 use crate::job::{connect_to_inbox, job_add, Action};
-use crate::login_param::{CertificateChecks, LoginParam};
+use crate::login_param::{dc_build_tls, CertificateChecks, LoginParam};
 use crate::message::{self, update_msg_move_state, update_server_uid};
 use crate::oauth2::dc_get_oauth2_access_token;
 use crate::param::Params;
@@ -111,25 +111,7 @@ impl Client {
 certificate_checks: CertificateChecks,
 ) -> imap::error::Result {
 let stream = net::TcpStream::connect(addr)?;
- let mut tls_builder = native_tls::TlsConnector::builder();
- let tls = match certificate_checks {
- CertificateChecks::Automatic => {
- // Same as AcceptInvalidCertificates for now.
- // TODO: use provider database when it becomes available
- tls_builder
- .danger_accept_invalid_hostnames(true)
- .danger_accept_invalid_certs(true)
- }
- CertificateChecks::Strict => &mut tls_builder,
- CertificateChecks::AcceptInvalidHostnames => {
- tls_builder.danger_accept_invalid_hostnames(true)
- }
- CertificateChecks::AcceptInvalidCertificates => tls_builder
- .danger_accept_invalid_hostnames(true)
- .danger_accept_invalid_certs(true),
- }
- .build()
- .unwrap();
+ let tls = dc_build_tls(certificate_checks).unwrap();
 let s = stream.try_clone().expect("cloning the stream failed");
 let tls_stream = native_tls::TlsConnector::connect(&tls, domain.as_ref(), s)?;
diff --git a/src/login_param.rs b/src/login_param.rs
index 3fc64031f..01e85b32a 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
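Review bot: `dc_build_tls(certificate_checks).unwrap()` in the `impl Client` hunk of src/imap.rs still panics when the TLS connector cannot be built, even though the helper now returns a `Result` and the surrounding function already returns `imap::error::Result` and uses `?` on the handshake two lines below. Propagating the failure, for example `let tls = dc_build_tls(certificate_checks)?;` if `imap::error::Error` converts from the native_tls error (otherwise through `map_err`), would surface a connector build failure as a connection error instead of aborting the thread. The same `.unwrap()` is kept in the `impl Smtp` hunk of src/smtp.rs. The enclosing function starts above this hunk, so its full signature is not visible here.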
@@ -251,6 +251,29 @@ fn get_readable_flags(flags: i32) -> String {
 res
 }
+pub fn dc_build_tls(
+ certificate_checks: CertificateChecks,
+) -> Result {
+ let mut tls_builder = native_tls::TlsConnector::builder();
+ match certificate_checks {
+ CertificateChecks::Automatic => {
+ // Same as AcceptInvalidCertificates for now.
+ // TODO: use provider database when it becomes available
+ tls_builder
+ .danger_accept_invalid_hostnames(true)
+ .danger_accept_invalid_certs(true)
+ }
+ CertificateChecks::Strict => &mut tls_builder,
+ CertificateChecks::AcceptInvalidHostnames => {
+ tls_builder.danger_accept_invalid_hostnames(true)
+ }
+ CertificateChecks::AcceptInvalidCertificates => tls_builder
+ .danger_accept_invalid_hostnames(true)
+ .danger_accept_invalid_certs(true),
+ }
+ .build()
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/src/smtp.rs b/src/smtp.rs
index 4e8e30d6d..089607bc8 100644
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -5,7 +5,7 @@ use crate::constants::*;
 use crate::context::Context;
 use crate::error::Error;
 use crate::events::Event;
-use crate::login_param::{CertificateChecks, LoginParam};
+use crate::login_param::{dc_build_tls, LoginParam};
 use crate::oauth2::*;
 #[derive(DebugStub)]
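Review bot: `dc_build_tls` in src/login_param.rs is now the single `pub` place where certificate validation is decided for both IMAP and SMTP, yet it has no doc comment stating that `CertificateChecks::Automatic` turns off hostname and certificate verification. In that mode the session is encrypted but the server is not authenticated, so an on-path party presenting any certificate would be accepted and would see the login credentials. A doc comment such as `/// Builds the TLS connector for the given check mode. Note: Automatic currently disables certificate and hostname verification, same as AcceptInvalidCertificates.` would make this visible to callers. Whether `Automatic` is the default mode is not visible in this hunk; if it is, consider verifying strictly by default and keeping the relaxed modes as explicit opt-ins until the provider database mentioned in the TODO exists.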
@@ -68,26 +68,7 @@ impl Smtp {
 let domain = &lp.send_server;
 let port = lp.send_port as u16;
- let mut tls_builder = native_tls::TlsConnector::builder();
- let tls = match lp.smtp_certificate_checks {
- CertificateChecks::Automatic => {
- // Same as AcceptInvalidCertificates for now.
- // TODO: use provider database when it becomes available
- tls_builder
- .danger_accept_invalid_hostnames(true)
- .danger_accept_invalid_certs(true)
- }
- CertificateChecks::Strict => &mut tls_builder,
- CertificateChecks::AcceptInvalidHostnames => {
- tls_builder.danger_accept_invalid_hostnames(true)
- }
- CertificateChecks::AcceptInvalidCertificates => tls_builder
- .danger_accept_invalid_hostnames(true)
- .danger_accept_invalid_certs(true),
- }
- .build()
- .unwrap();
-
+ let tls = dc_build_tls(lp.smtp_certificate_checks).unwrap();
 let tls_parameters = ClientTlsParameters::new(domain.to_string(), tls);
 let creds = if 0 != lp.server_flags & (DC_LP_AUTH_OAUTH2 as i32) {