Deprecate AcceptInvalidHostnames option

Rustls does not offer a documented way to accept valid certificates with
invalid hostnames. Implementation of certificate verification in Rustls
does not have a public API and reimplementing it is error-prone.
Alexander Krotov
2019-12-08 19:34:39 +03:00
committed by Floris Bruynooghe
parent cd951ad396
commit c08a1adc9b
3 changed files with 9 additions and 17 deletions


@@ -4050,11 +4050,6 @@ int64_t dc_lot_get_timestamp (const dc_lot_t* lot);
*/ */
#define DC_CERTCK_STRICT 1 #define DC_CERTCK_STRICT 1
/**
* Accept invalid hostnames, but not invalid certificates.
*/
#define DC_CERTCK_ACCEPT_INVALID_HOSTNAMES 2
/** /**
* Accept invalid certificates, including self-signed ones * Accept invalid certificates, including self-signed ones
* or having incorrect hostname. * or having incorrect hostname.


@@ -68,7 +68,6 @@ DC_LP_SMTP_SOCKET_SSL = 0x20000
DC_LP_SMTP_SOCKET_PLAIN = 0x40000 DC_LP_SMTP_SOCKET_PLAIN = 0x40000
DC_CERTCK_AUTO = 0 DC_CERTCK_AUTO = 0
DC_CERTCK_STRICT = 1 DC_CERTCK_STRICT = 1
DC_CERTCK_ACCEPT_INVALID_HOSTNAMES = 2
DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 3 DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 3
DC_EMPTY_MVBOX = 0x01 DC_EMPTY_MVBOX = 0x01
DC_EMPTY_INBOX = 0x02 DC_EMPTY_INBOX = 0x02


@@ -16,7 +16,11 @@ use webpki_roots;
pub enum CertificateChecks { pub enum CertificateChecks {
Automatic = 0, Automatic = 0,
Strict = 1, Strict = 1,
AcceptInvalidHostnames = 2,
/// Same as AcceptInvalidCertificates
/// Previously known as AcceptInvalidHostnames, now deprecated.
AcceptInvalidCertificates2 = 2,
AcceptInvalidCertificates = 3, AcceptInvalidCertificates = 3,
} }
@@ -288,14 +292,8 @@ pub fn dc_build_tls_config(certificate_checks: CertificateChecks) -> rustls::Cli
.dangerous() .dangerous()
.set_certificate_verifier(Arc::new(NoCertificateVerification {})); .set_certificate_verifier(Arc::new(NoCertificateVerification {}));
} }
CertificateChecks::AcceptInvalidCertificates => { CertificateChecks::AcceptInvalidCertificates
// TODO: only accept invalid certs | CertificateChecks::AcceptInvalidCertificates2 => {
config
.dangerous()
.set_certificate_verifier(Arc::new(NoCertificateVerification {}));
}
CertificateChecks::AcceptInvalidHostnames => {
// TODO: only accept invalid hostnames
config config
.dangerous() .dangerous()
.set_certificate_verifier(Arc::new(NoCertificateVerification {})); .set_certificate_verifier(Arc::new(NoCertificateVerification {}));
@@ -313,8 +311,8 @@ mod tests {
use std::string::ToString; use std::string::ToString;
assert_eq!( assert_eq!(
"accept_invalid_hostnames".to_string(), "accept_invalid_certificates".to_string(),
CertificateChecks::AcceptInvalidHostnames.to_string() CertificateChecks::AcceptInvalidCertificates.to_string()
); );
} }
} }
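Review bot: In `dc_build_tls_config`, the merged arm sends `AcceptInvalidCertificates2` (stored value 2) to `NoCertificateVerification`, so an account configured to tolerate only a hostname mismatch runs with no certificate verification at all, and the new doc comment does not say so. I would state that on the variant, e.g. `/// Disables ALL certificate verification (chain and hostname); kept only so stored value 2 still parses.`, and add `#[deprecated]` so new Rust callers get a compiler warning. If failing closed is acceptable for existing users, treating value 2 like `Strict` would be the safer mapping. Otherwise, a logged warning when this variant is selected would let operators notice the downgrade. The body of `dc_build_tls_config` starts and ends outside the hunk, so this rests on the visible arms only.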