Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-06 16:36:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: use Rustls NoCertificateVerification for underscore domains instead of AcceptInvalidCertificates

Browse Source 
Remove AcceptInvalidCertificates overrides in configure.rs and qr.rs that
caused a fallback to OpenSSL/native-tls. The upstream Rustls TLS layer now
handles underscore-prefixed domains via NoCertificateVerification directly.
Also fix clippy lint in peer_channels.rs (map_or -> is_some_and).
This commit is contained in:
holger krekel
2026-03-02 13:00:16 +01:00
committed by link2xt
parent 1b860372cc
commit e0768f5f37
7 changed files with 14 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/qr/qr_tests.rs
View File

@@ -767,18 +767,22 @@ async fn test_decode_account_underscore_domain() -> Result<()> {
}
);
// Verify login params use AcceptInvalidCertificates for underscore domain.
// Verify login params use Automatic for underscore domain.
// The TLS layer handles underscore domains via NoCertificateVerification in Rustls.
let param = login_param_from_account_qr(&ctx.ctx, "dcaccount:_example.org").await?;
assert!(param.addr.ends_with("@_example.org"));
assert_eq!(
param.certificate_checks,
EnteredCertificateChecks::AcceptInvalidCertificates
EnteredCertificateChecks::Automatic
);
// Regular domain still uses Strict.
// Regular domain also uses Automatic.
let param = login_param_from_account_qr(&ctx.ctx, "dcaccount:example.org").await?;
assert!(param.addr.ends_with("@example.org"));
assert_eq!(param.certificate_checks, EnteredCertificateChecks::Strict);
assert_eq!(
param.certificate_checks,
EnteredCertificateChecks::Automatic
);
Ok(())
}