From c85f1b20ca6f8e4ebbc64d632f8494be31e99518 Mon Sep 17 00:00:00 2001 From: Alexander Krotov Date: Sun, 27 Oct 2019 01:01:50 +0300 Subject: [PATCH] Add constants for certificate checks configuration --- deltachat-ffi/deltachat.h | 36 +++++++++++++++++++++++++++++++++++ python/src/deltachat/const.py | 8 ++++++-- python/tests/conftest.py | 5 +++-- 3 files changed, 45 insertions(+), 4 deletions(-) diff --git a/deltachat-ffi/deltachat.h b/deltachat-ffi/deltachat.h index f81eabdee..acddf4d80 100644 --- a/deltachat-ffi/deltachat.h +++ b/deltachat-ffi/deltachat.h @@ -3879,7 +3879,43 @@ int64_t dc_lot_get_timestamp (const dc_lot_t* lot); #define DC_LP_IMAP_SOCKET_FLAGS (DC_LP_IMAP_SOCKET_STARTTLS|DC_LP_IMAP_SOCKET_SSL|DC_LP_IMAP_SOCKET_PLAIN) // if none of these flags are set, the default is chosen #define DC_LP_SMTP_SOCKET_FLAGS (DC_LP_SMTP_SOCKET_STARTTLS|DC_LP_SMTP_SOCKET_SSL|DC_LP_SMTP_SOCKET_PLAIN) // if none of these flags are set, the default is chosen +/** + * @defgroup DC_CERTCK DC_CERTCK + * + * These constants configure TLS certificate checks for IMAP and SMTP connections. + * + * These constants are set via dc_set_config + * using keys "imap_certificate_checks" and "smtp_certificate_checks". + * + * @addtogroup DC_CERTCK + * @{ + */ +/** + * Configure certificate checks automatically. + */ +#define DC_CERTCK_AUTO 0 + +/** + * Strictly check TLS certificates. + * Require that both the certificate and hostname are valid. + */ +#define DC_CERTCK_STRICT 1 + +/** + * Accept invalid hostnames, but not invalid certificates. + */ +#define DC_CERTCK_ACCEPT_INVALID_HOSTNAMES 2 + +/** + * Accept invalid certificates, including self-signed ones + * or having incorrect hostname. + */ +#define DC_CERTCK_ACCEPT_INVALID_CERTIFICATES 3 + +/** + * @} + */ /** * @defgroup DC_EVENT DC_EVENT diff --git a/python/src/deltachat/const.py b/python/src/deltachat/const.py index f7d9d0b69..09827ff03 100644 --- a/python/src/deltachat/const.py +++ b/python/src/deltachat/const.py 
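Review bot: The doc comment on `DC_CERTCK_AUTO` says only "Configure certificate checks automatically", so a caller reading the header cannot tell whether a connection configured with this value is guaranteed to validate the server certificate or may end up in one of the weaker modes. Because the value is 0, it is presumably what an unset "imap_certificate_checks" or "smtp_certificate_checks" key resolves to, so I would extend the comment to name which of the other three modes AUTO can select and under what condition. The comments on the two `ACCEPT_INVALID_*` values should also state what the setting gives up, for example `* The server is not authenticated in this mode; TLS then protects only against passive eavesdropping.` on `DC_CERTCK_ACCEPT_INVALID_CERTIFICATES`.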
@@ -65,6 +65,10 @@ DC_LP_IMAP_SOCKET_PLAIN = 0x400 DC_LP_SMTP_SOCKET_STARTTLS = 0x10000 DC_LP_SMTP_SOCKET_SSL = 0x20000 DC_LP_SMTP_SOCKET_PLAIN = 0x40000 +DC_CERTCK_AUTO = 0 +DC_CERTCK_STRICT = 1 +DC_CERTCK_ACCEPT_INVALID_HOSTNAMES = 2 +DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 3 DC_EVENT_INFO = 100 DC_EVENT_SMTP_CONNECTED = 101 DC_EVENT_IMAP_CONNECTED = 102 @@ -147,8 +151,8 @@ DC_STR_COUNT = 67 def read_event_defines(f): - rex = re.compile(r'#define\s+((?:DC_EVENT_|DC_QR|DC_MSG|DC_LP|DC_STATE_|DC_STR|' - r'DC_CONTACT_ID_|DC_GCL|DC_CHAT|DC_PROVIDER)\S+)\s+([x\d]+).*') + rex = re.compile(r'#define\s+((?:DC_EVENT|DC_QR|DC_MSG|DC_LP|DC_CERTCK|DC_STATE|DC_STR|' + r'DC_CONTACT_ID|DC_GCL|DC_CHAT|DC_PROVIDER)_\S+)\s+([x\d]+).*') for line in f: m = rex.match(line) if m: diff --git a/python/tests/conftest.py b/python/tests/conftest.py index 0523055e2..1a14833cd 100644 --- a/python/tests/conftest.py +++ b/python/tests/conftest.py @@ -4,6 +4,7 @@ import pytest import requests import time from deltachat import Account +from deltachat import const from deltachat.capi import lib import tempfile @@ -164,8 +165,8 @@ def acfactory(pytestconfig, tmpdir, request, session_liveconfig): configdict["e2ee_enabled"] = "1" # Enable strict certificate checks for online accounts - configdict["imap_certificate_checks"] = "1" - configdict["smtp_certificate_checks"] = "1" + configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT) + configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT) tmpdb = tmpdir.join("livedb%d" % self.live_count) ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.live_count))
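Review bot: The value group in the rewritten pattern, `([x\d]+).*`, accepts only `x` and decimal digits, so a define whose hex value contains a-f (a constructed example: `0x1F`) still matches but captures `0x1`, with the trailing `.*` absorbing the rest. Every constant visible in this diff has a digit-only value, so nothing breaks today, but a later flag or certificate-check mode could be mirrored into Python with a wrong value and no error. I would make the group `(0x[0-9a-fA-F]+|\d+)\b` so that such a line either parses in full or fails to match. The same rewrite moves the underscore outside the alternation, so `_` is now required after every prefix where previously only `DC_EVENT_`, `DC_STATE_` and `DC_CONTACT_ID_` demanded it; it is worth confirming that no existing define relied on the looser form. The body of `read_event_defines` continues past the end of the hunk, so how the captured groups are used is not visible here.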