feat: display TLS certificate checks configuration in connectivity view

2026-04-02 05:22:14 +03:00 · 2025-10-13 19:51:44 +00:00
4 changed files with 62 additions and 1 deletions
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -7749,12 +7749,17 @@ void dc_event_unref(dc_event_t* event);
 /// Used in status messages.
 #define DC_STR_CHANNEL_LEFT_BY_YOU 200

+/// "Security"
+///
+/// Used in connectivity view.
+#define DC_STR_SECUREJOIN_WAIT_TIMEOUT 201
+
 /// "Scan to join channel %1$s"
 ///
 /// Subtitle for channel join qrcode svg image generated by the core.
 ///
 /// `%1$s` will be replaced with the channel name.
-#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC  201
+#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC  202

 /**
 * @}
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -888,6 +888,22 @@ impl ConfiguredLoginParam {
            | ConfiguredCertificateChecks::AcceptInvalidCertificates2 => false,
        }
    }
+
+    /// Returns true if strict TLS checks are disabled
+    /// and configuration is not for a known provider
+    /// with broken TLS setup.
+    pub fn strict_tls_manually_disabled(&self) -> bool {
+        match self.certificate_checks {
+            ConfiguredCertificateChecks::OldAutomatic => {
+                // Old "Automatic" configuration defaults to no strict TLS.
+                // User should upgrade configuration.
+                self.provider.is_none()
+            }
+            ConfiguredCertificateChecks::Automatic | ConfiguredCertificateChecks::Strict => false,
+            ConfiguredCertificateChecks::AcceptInvalidCertificates
+            | ConfiguredCertificateChecks::AcceptInvalidCertificates2 => true,
+        }
+    }
 }

 #[cfg(test)]
--- a/src/scheduler/connectivity.rs
+++ b/src/scheduler/connectivity.rs
@@ -8,6 +8,7 @@ use humansize::{BINARY, format_size};
 use crate::events::EventType;
 use crate::imap::{FolderMeaning, scan_folders::get_watched_folder_configs};
 use crate::log::info;
+use crate::login_param::ConfiguredLoginParam;
 use crate::quota::{QUOTA_ERROR_THRESHOLD_PERCENTAGE, QUOTA_WARN_THRESHOLD_PERCENTAGE};
 use crate::stock_str;
 use crate::{context::Context, log::LogExt};
@@ -530,6 +531,36 @@ impl Context {
        }
        ret += "</ul>";

+        // =============================================================================================
+        // Add e.g.
+        //                              Security
+        //                                TLS Certificate Checks: enabled
+        // =============================================================================================
+
+        if let Some(configured_login_param) = ConfiguredLoginParam::load(self).await? {
+            let security = stock_str::security(self).await;
+            ret += &format!("<h3>{security}</h3><ul>");
+
+            ret += "<li>";
+            if configured_login_param.strict_tls() {
+                // GREEN: strict TLS checks are enabled.
+                ret += &format!(
+                    "<span class=\"green dot\"></span> <b>TLS Certificate Checks:</b> enabled"
+                );
+            } else if configured_login_param.strict_tls_manually_disabled() {
+                // RED: TLS checks are manually disabled.
+                ret += &format!(
+                    "<span class=\"red dot\"></span> <b>TLS Certificate Checks:</b> disabled"
+                );
+            } else {
+                // YELLOW: TLS checks are automatically disabled.
+                ret += &format!(
+                    "<span class=\"yellow dot\"></span> <b>TLS Certificate Checks:</b> disabled"
+                );
+            }
+            ret += "</li></ul>";
+        }
+
        // =============================================================================================

        ret += "</body></html>\n";
--- a/src/stock_str.rs
+++ b/src/stock_str.rs
@@ -439,6 +439,10 @@ https://delta.chat/donate"))]

    #[strum(props(fallback = "Scan to join channel %1$s"))]
    SecureJoinBrodcastQRDescription = 201,
+
+    /// "Security" title for connectivity view section.
+    #[strum(props(fallback = "Security"))]
+    Security = 202,
 }

 impl StockMessage {
@@ -1324,6 +1328,11 @@ pub(crate) async fn backup_transfer_msg_body(context: &Context) -> String {
    translated(context, StockMessage::BackupTransferMsgBody).await
 }

+/// Stock string: `Security`.
+pub(crate) async fn security(context: &Context) -> String {
+    translated(context, StockMessage::Security).await
+}
+
 impl Context {
    /// Set the stock string for the [StockMessage].
    ///