Revert "Enable strict TLS certificate checks by default"

This reverts commit 6d9ff3d248.

src/login_param.rs

@@ -9,21 +9,19 @@ use crate::context::Context;
 #[repr(i32)]
 #[strum(serialize_all = "snake_case")]
 pub enum CertificateChecks {
-    AcceptInvalidCertificates = 0,
+    Automatic = 0,
     Strict = 1,
 
     /// Same as AcceptInvalidCertificates
     /// Previously known as AcceptInvalidHostnames, now deprecated.
     AcceptInvalidCertificates2 = 2,
 
-    /// Same as AcceptInvalidCertificates
-    /// Deprecated.
-    AcceptInvalidCertificates3 = 3,
+    AcceptInvalidCertificates = 3,
 }
 
 impl Default for CertificateChecks {
     fn default() -> Self {
-        Self::Strict
+        Self::Automatic
     }
 }
 
@@ -282,8 +280,16 @@ fn get_readable_flags(flags: i32) -> String {
 pub fn dc_build_tls(certificate_checks: CertificateChecks) -> async_native_tls::TlsConnector {
     let tls_builder = async_native_tls::TlsConnector::new();
     match certificate_checks {
+        CertificateChecks::Automatic => {
+            // Same as AcceptInvalidCertificates for now.
+            // TODO: use provider database when it becomes available
+            tls_builder
+                .danger_accept_invalid_hostnames(true)
+                .danger_accept_invalid_certs(true)
+        }
         CertificateChecks::Strict => tls_builder,
-        _ => tls_builder
+        CertificateChecks::AcceptInvalidCertificates
+        | CertificateChecks::AcceptInvalidCertificates2 => tls_builder
             .danger_accept_invalid_hostnames(true)
             .danger_accept_invalid_certs(true),
     }
@@ -297,8 +303,6 @@ mod tests {
     fn test_certificate_checks_display() {
         use std::string::ToString;
 
-        assert_eq!("strict".to_string(), CertificateChecks::Strict.to_string());
-
         assert_eq!(
             "accept_invalid_certificates".to_string(),
             CertificateChecks::AcceptInvalidCertificates.to_string()