refactor: drop native-tls

2026-04-26 01:46:34 +03:00 · 2019-11-10 19:18:37 +01:00
parent 3d790cbfca
commit d607d35abc
4 changed files with 97 additions and 164 deletions
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -251,28 +251,28 @@ fn get_readable_flags(flags: i32) -> String {
    res
 }

-pub fn dc_build_tls(
-    certificate_checks: CertificateChecks,
-) -> Result<native_tls::TlsConnector, native_tls::Error> {
-    let mut tls_builder = native_tls::TlsConnector::builder();
-    match certificate_checks {
-        CertificateChecks::Automatic => {
-            // Same as AcceptInvalidCertificates for now.
-            // TODO: use provider database when it becomes available
-            tls_builder
-                .danger_accept_invalid_hostnames(true)
-                .danger_accept_invalid_certs(true)
-        }
-        CertificateChecks::Strict => &mut tls_builder,
-        CertificateChecks::AcceptInvalidHostnames => {
-            tls_builder.danger_accept_invalid_hostnames(true)
-        }
-        CertificateChecks::AcceptInvalidCertificates => tls_builder
-            .danger_accept_invalid_hostnames(true)
-            .danger_accept_invalid_certs(true),
-    }
-    .build()
-}
+// pub fn dc_build_tls(
+//     certificate_checks: CertificateChecks,
+// ) -> Result<native_tls::TlsConnector, native_tls::Error> {
+//     let mut tls_builder = native_tls::TlsConnector::builder();
+//     match certificate_checks {
+//         CertificateChecks::Automatic => {
+//             // Same as AcceptInvalidCertificates for now.
+//             // TODO: use provider database when it becomes available
+//             tls_builder
+//                 .danger_accept_invalid_hostnames(true)
+//                 .danger_accept_invalid_certs(true)
+//         }
+//         CertificateChecks::Strict => &mut tls_builder,
+//         CertificateChecks::AcceptInvalidHostnames => {
+//             tls_builder.danger_accept_invalid_hostnames(true)
+//         }
+//         CertificateChecks::AcceptInvalidCertificates => tls_builder
+//             .danger_accept_invalid_hostnames(true)
+//             .danger_accept_invalid_certs(true),
+//     }
+//     .build()
+// }

 #[cfg(test)]
 mod tests {
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -5,7 +5,7 @@ use crate::constants::*;
 use crate::context::Context;
 use crate::error::Error;
 use crate::events::Event;
-use crate::login_param::{dc_build_tls, LoginParam};
+use crate::login_param::LoginParam;
 use crate::oauth2::*;

 #[derive(DebugStub)]
@@ -65,8 +65,11 @@ impl Smtp {
        let domain = &lp.send_server;
        let port = lp.send_port as u16;

-        let tls = dc_build_tls(lp.smtp_certificate_checks).unwrap();
-        let tls_parameters = ClientTlsParameters::new(domain.to_string(), tls);
+        let mut tls_config = rustls::ClientConfig::new();
+        tls_config
+            .root_store
+            .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+        let tls_parameters = ClientTlsParameters::new(domain.to_string(), tls_config);

        let (creds, mechanism) = if 0 != lp.server_flags & (DC_LP_AUTH_OAUTH2 as i32) {
            // oauth2