refactor: remove TODO

Currently if there is an error getting quota
the HTML displays something like

```
example.com: Connected
Failed to parse.
```

It's not clear that "Failed to parse" only refers to quota info.

.github/workflows/ci.yml

@@ -62,7 +62,7 @@ jobs:
         with:
           show-progress: false
           persist-credentials: false
-      - uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823
+      - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1
         with:
           arguments: --workspace --all-features --locked
           command: check
@@ -146,7 +146,7 @@ jobs:
           cache-bin: false
 
       - name: Install nextest
-        uses: taiki-e/install-action@60ae4ce63c7aeb6e96d7f572c1ec7fafbb17ca80
+        uses: taiki-e/install-action@184183c2401be73c3bf42c2e61268aa5855379c1
         with:
           tool: nextest
 

.github/workflows/nix.yml

@@ -63,6 +63,7 @@ jobs:
           - deltachat-rpc-server-armv7l-linux-wheel
           - deltachat-rpc-server-i686-linux
           - deltachat-rpc-server-i686-linux-wheel
+          - deltachat-rpc-server-source
           - deltachat-rpc-server-win32
           - deltachat-rpc-server-win32-wheel
           - deltachat-rpc-server-win64

.github/workflows/zizmor-scan.yml

@@ -23,4 +23,4 @@ jobs:
           persist-credentials: false
 
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3

CHANGELOG.md

@@ -1,44 +1,5 @@
 # Changelog
 
-## [2.51.0] - 2026-05-29
-
-### Features / Changes
-
-- Follow certificate check parameter in autoconfig.
-- Immediately remove all encrypted messages from the server in single-device mode.
-
-### Fixes
-
-- Fix syntax error in `only_fetch_mvbox` migration 150 resulting in failure to upgrade for `only_fetch_mvbox` users.
-- Do not try to resolve proxy IPv6 addresses in square brackets.
-- Do not fail to receive post-message with status updates for deleted webxdc.
-- Don't make message `OutDelivered` after successful resending to new broadcast member.
-
-### Build system
-
-- nix: fix downloads from crates.io in nix builds.
-
-### Documentation
-
-- Fix reference in `delete_expired_imap_messages` comment.
-
-### Refactor
-
-- Remove `pre_encrypt_mime_hook`.
-- Make `should_delete_all_downloaded_messages` non-async.
-
-### Tests
-
-- Test IPv6 addresses in HTTP(S) proxies.
-- Test `bcc_self` in `test_delete_expired_imap_messages`.
-- Test encrypted messages in `test_delete_expired_imap_messages`.
-
-### Miscellaneous Tasks
-
-- Bump version to 2.51.0-dev.
-- deps: bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6.
-- deps: bump taiki-e/install-action from 2.78.1 to 2.79.2.
-
 ## [2.50.0] - 2026-05-22
 
 ### API-Changes
@@ -8296,4 +8257,3 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.48.0]: https://github.com/chatmail/core/compare/v2.47.0..v2.48.0
 [2.49.0]: https://github.com/chatmail/core/compare/v2.48.0..v2.49.0
 [2.50.0]: https://github.com/chatmail/core/compare/v2.49.0..v2.50.0
-[2.51.0]: https://github.com/chatmail/core/compare/v2.50.0..v2.51.0

Cargo.lock

@@ -391,28 +391,6 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
-[[package]]
-name = "aws-lc-rs"
-version = "1.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ec2f1fc3ec205783a5da9a7e6c1509cc69dedf09a1949e412c1e18469326d00"
-dependencies = [
- "aws-lc-sys",
- "zeroize",
-]
-
-[[package]]
-name = "aws-lc-sys"
-version = "0.41.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a2f9779ce85b93ab6170dd940ad0169b5766ff848247aff13bb788b832fe3f4"
-dependencies = [
- "cc",
- "cmake",
- "dunce",
- "fs_extra",
-]
-
 [[package]]
 name = "backon"
 version = "1.5.0"
@@ -785,13 +763,10 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.2.63"
+version = "1.2.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "556e016178bb5662a08681bbe0f00f8e17631781a4dfc8c45e466e4b185ec27f"
+checksum = "0c3d1b2e905a3a7b00a6141adb0e4c0bb941d11caf55349d863942a1cc44e3c9"
 dependencies = [
- "find-msvc-tools",
- "jobserver",
- "libc",
  "shlex",
 ]
 
@@ -945,15 +920,6 @@ dependencies = [
  "digest",
 ]
 
-[[package]]
-name = "cmake"
-version = "0.1.58"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678"
-dependencies = [
- "cc",
-]
-
 [[package]]
 name = "cobs"
 version = "0.2.3"
@@ -1710,7 +1676,7 @@ dependencies = [
  "libc",
  "option-ext",
  "redox_users",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.1",
 ]
 
 [[package]]
@@ -1760,12 +1726,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "dunce"
-version = "1.0.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
-
 [[package]]
 name = "dyn-clone"
 version = "1.0.18"
@@ -2091,12 +2051,6 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
-[[package]]
-name = "find-msvc-tools"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
-
 [[package]]
 name = "fixedbitset"
 version = "0.5.7"
@@ -2154,12 +2108,6 @@ dependencies = [
 name = "format-flowed"
 version = "1.0.0"
 
-[[package]]
-name = "fs_extra"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
-
 [[package]]
 name = "funty"
 version = "2.0.0"
@@ -2733,7 +2681,7 @@ dependencies = [
  "hyper",
  "libc",
  "pin-project-lite",
- "socket2 0.5.9",
+ "socket2 0.6.3",
  "tokio",
  "tower-service",
  "tracing",
@@ -3286,16 +3234,6 @@ version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
 
-[[package]]
-name = "jobserver"
-version = "0.1.34"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
-dependencies = [
- "getrandom 0.3.3",
- "libc",
-]
-
 [[package]]
 name = "js-sys"
 version = "0.3.77"
@@ -3436,9 +3374,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.31"
+version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "113b30b4cd05f7c06868fdb2854f66a7b9fece9a48425351cd532e810d74024f"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
 
 [[package]]
 name = "loom"
@@ -3880,7 +3818,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.61.1",
 ]
 
 [[package]]
@@ -4365,18 +4303,18 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.1.13"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2466b2336ed02bcdca6b294417127b90ec92038d1d5c4fbeac971a922e0e0924"
+checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.1.13"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c96395f0a926bc13b1c17622aaddda1ecb55d49c8f1bf9777e4d877800a43f8b"
+checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5281,7 +5219,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.12.1",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.1",
 ]
 
 [[package]]
@@ -5290,7 +5228,6 @@ version = "0.23.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4"
 dependencies = [
- "aws-lc-rs",
  "log",
  "once_cell",
  "ring",
@@ -5336,7 +5273,6 @@ version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
- "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -5581,9 +5517,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.150"
+version = "1.0.149"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9"
+checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
 dependencies = [
  "itoa",
  "memchr",
@@ -5759,9 +5695,9 @@ dependencies = [
 
 [[package]]
 name = "shlex"
-version = "2.0.1"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8fadd59c855ef2080decdef8ff161eb6661b86933c9d82e5ba29dc602a55aba"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
 
 [[package]]
 name = "signal-hook-registry"
@@ -6147,7 +6083,7 @@ dependencies = [
  "getrandom 0.3.3",
  "once_cell",
  "rustix 1.1.4",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.1",
 ]
 
 [[package]]
@@ -6295,9 +6231,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.52.3"
+version = "1.52.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe"
+checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6"
 dependencies = [
  "bytes",
  "libc",

Cargo.toml

@@ -101,7 +101,7 @@ tagger = "4.3.4"
 textwrap = "0.16.2"
 thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
-tokio-rustls = { version = "0.26.2", default-features = false, features = ["aws-lc-rs", "tls12"] }
+tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
 astral-tokio-tar = { version = "0.6.2", default-features = false }
 tokio-util = { workspace = true }

deltachat-jsonrpc/src/api.rs

@@ -1106,6 +1106,9 @@ impl CommandApi {
     /// because the word "channel" already appears a lot in the code,
     /// which would make it hard to grep for it.
     ///
+    /// After creation, the chat contains no recipients and is in _unpromoted_ state;
+    /// see [`CommandApi::create_group_chat`] for more information on the unpromoted state.
+    ///
     /// Returns the created chat's id.
     async fn create_broadcast(&self, account_id: u32, chat_name: String) -> Result<u32> {
         let ctx = self.get_context(account_id).await?;

deltachat-rpc-client/src/deltachat_rpc_client/account.py

@@ -340,6 +340,9 @@ class Account:
         because the word "channel" already appears a lot in the code,
         which would make it hard to grep for it.
 
+        After creation, the chat contains no recipients and is in _unpromoted_ state;
+        see `create_group()` for more information on the unpromoted state.
+
         Returns the created chat.
         """
         return Chat(self, self._rpc.create_broadcast(self.id, name))

flake.lock

@@ -3,19 +3,15 @@
     "android": {
       "inputs": {
         "devshell": "devshell",
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1779918845,
-        "narHash": "sha256-FbpOOBg15L7X6NWWmTKbSdccnH59Jq53wWmAO37d2Q8=",
+        "lastModified": 1731356359,
+        "narHash": "sha256-vYqJnu6jotmWpPT4DgzHVdvNIZcKZCIUqS8QaptsZA0=",
         "owner": "tadfisher",
         "repo": "android-nixpkgs",
-        "rev": "105c093afc8c8fbeea98f8e398403f93043eba17",
+        "rev": "c028ead7e88edb2e94cd7c90ee37593f63ae494a",
         "type": "github"
       },
       "original": {
@@ -32,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768818222,
-        "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=",
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
         "type": "github"
       },
       "original": {
@@ -47,17 +43,15 @@
     },
     "fenix": {
       "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
+        "nixpkgs": "nixpkgs_2",
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1779876442,
-        "narHash": "sha256-O25HomVNmdROO13PEQ3Ran8Hq5EsyLmVn8Gb8JvJtJE=",
+        "lastModified": 1763361733,
+        "narHash": "sha256-ka7dpwH3HIXCyD2wl5F7cPLeRbqZoY2ullALsvxdPt8=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "2eff81fc84390a35e1565395ae945d9394856824",
+        "rev": "6c8d48e3b0ae371b19ac1485744687b788e80193",
         "type": "github"
       },
       "original": {
@@ -71,11 +65,29 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
         "type": "github"
       },
       "original": {
@@ -86,35 +98,29 @@
     },
     "naersk": {
       "inputs": {
-        "fenix": [
-          "fenix"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1779912356,
-        "narHash": "sha256-yj5O6vmAj+OfhTQMiUwhmQRP0HAII3BxEI6zuY6h/5k=",
+        "lastModified": 1721727458,
+        "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=",
         "owner": "nix-community",
         "repo": "naersk",
-        "rev": "33eaf5c72a67db15073322d26cd342c443556214",
+        "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "pull/391/head",
         "repo": "naersk",
         "type": "github"
       }
     },
     "nix-filter": {
       "locked": {
-        "lastModified": 1757882181,
-        "narHash": "sha256-+cCxYIh2UNalTz364p+QYmWHs0P+6wDhiWR4jDIKQIU=",
+        "lastModified": 1730207686,
+        "narHash": "sha256-SCHiL+1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I=",
         "owner": "numtide",
         "repo": "nix-filter",
-        "rev": "59c44d1909c72441144b93cf0f054be7fe764de5",
+        "rev": "776e68c1d014c3adde193a18db9d738458cd2ba4",
         "type": "github"
       },
       "original": {
@@ -125,16 +131,60 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1779931091,
-        "narHash": "sha256-gc8NEz7a++7OQPGvMv+zIjXCec1PO38XRXZRa3m97ew=",
+        "lastModified": 1731139594,
+        "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3052ddf0614791c1869384a868248be5607a309f",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "master",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
+        "path": "/nix/store/zq2axpgzd5kykk1v446rkffj3bxa2m2h-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1747179050,
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -143,20 +193,20 @@
       "inputs": {
         "android": "android",
         "fenix": "fenix",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "naersk": "naersk",
         "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_4"
       }
     },
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1779827300,
-        "narHash": "sha256-J6pHxKoZzWCrAvOVInwBcYYWix/NWwM10Ad+i29Qc5s=",
+        "lastModified": 1762860488,
+        "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "c3af07ad84d68adc5e652e86f0c20009caa29014",
+        "rev": "2efc80078029894eec0699f62ec8d5c1a56af763",
         "type": "github"
       },
       "original": {
@@ -180,6 +230,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -2,16 +2,11 @@
   description = "Chatmail core";
   inputs = {
     fenix.url = "github:nix-community/fenix";
-    fenix.inputs.nixpkgs.follows = "nixpkgs";
     flake-utils.url = "github:numtide/flake-utils";
-    naersk.url = "github:nix-community/naersk/pull/391/head";
-    naersk.inputs.nixpkgs.follows = "nixpkgs";
-    naersk.inputs.fenix.follows = "fenix";
+    naersk.url = "github:nix-community/naersk";
     nix-filter.url = "github:numtide/nix-filter";
-    nixpkgs.url = "github:nixos/nixpkgs/master";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     android.url = "github:tadfisher/android-nixpkgs";
-    android.inputs.nixpkgs.follows = "nixpkgs";
-    android.inputs.flake-utils.follows = "flake-utils";
   };
   outputs = { self, nixpkgs, flake-utils, nix-filter, naersk, fenix, android }:
     flake-utils.lib.eachDefaultSystem (system:
@@ -138,8 +133,6 @@
             ];
             depsBuildBuild = [
               pkgsWin64.stdenv.cc
-            ];
-            buildInputs = [
               pkgsWin64.windows.pthreads
             ];
             auditable = false; # Avoid cargo-auditable failures.
@@ -150,8 +143,6 @@
             CARGO_BUILD_RUSTFLAGS = [
               "-C"
               "linker=${TARGET_CC}"
-              "-L"
-              "native=${pkgsWin64.windows.pthreads}/lib"
             ];
 
             CC = "${pkgsWin64.stdenv.cc}/bin/${pkgsWin64.stdenv.cc.targetPrefix}cc";
@@ -189,8 +180,7 @@
                   };
                 })).overrideAttrs (oldAttr: {
                 configureFlags = oldAttr.configureFlags ++ [
-                  "--disable-sjlj-exceptions"
-                  "--with-dwarf2"
+                  "--disable-sjlj-exceptions --with-dwarf2"
                 ];
               })
             );
@@ -206,8 +196,6 @@
             ];
             depsBuildBuild = [
               winCC
-            ];
-            buildInputs = [
               pkgsWin32.windows.pthreads
             ];
             auditable = false; # Avoid cargo-auditable failures.
@@ -218,8 +206,6 @@
             CARGO_BUILD_RUSTFLAGS = [
               "-C"
               "linker=${TARGET_CC}"
-              "-L"
-              "native=${pkgsWin32.windows.pthreads}/lib"
             ];
 
             CC = "${winCC}/bin/${winCC.targetPrefix}cc";
@@ -518,6 +504,22 @@
                 '';
               };
 
+            # Source package for deltachat-rpc-server.
+            # Fake package that downloads Linux version,
+            # needed to install deltachat-rpc-server on Android with `pip`.
+            deltachat-rpc-server-source =
+              pkgs.stdenv.mkDerivation {
+                pname = "deltachat-rpc-server-source";
+                version = manifest.version;
+                src = pkgs.lib.cleanSource ./.;
+                nativeBuildInputs = [
+                  pkgs.python3
+                  pkgs.python3Packages.wheel
+                ];
+                buildPhase = ''python3 scripts/wheel-rpc-server.py source deltachat_rpc_server-${manifest.version}.tar.gz'';
+                installPhase = ''mkdir -p $out; cp -av deltachat_rpc_server-${manifest.version}.tar.gz $out'';
+              };
+
             deltachat-rpc-client =
               pkgs.python3Packages.buildPythonPackage {
                 pname = "deltachat-rpc-client";
@@ -560,7 +562,7 @@
                   deltachat-python
                   deltachat-rpc-client
                   pkgs.python3Packages.breathe
-                  pkgs.python3Packages.sphinx-rtd-theme
+                  pkgs.python3Packages.sphinx_rtd_theme
                 ];
                 nativeBuildInputs = [ pkgs.sphinx ];
                 buildPhase = ''sphinx-build -b html -a python/doc/ dist/html'';

release-date.in

@@ -1 +1 @@
-2026-05-29
+2026-05-22

scripts/wheel-rpc-server.py

@@ -20,6 +20,86 @@ Description-Content-Type: text/markdown
 """
 
 
+def build_source_package(version, filename):
+    with tarfile.open(filename, "w:gz") as pkg:
+
+        def pack(name, contents):
+            contents = contents.encode()
+            tar_info = tarfile.TarInfo(f"deltachat_rpc_server-{version}/{name}")
+            tar_info.mode = 0o644
+            tar_info.size = len(contents)
+            pkg.addfile(tar_info, BytesIO(contents))
+
+        pack("PKG-INFO", metadata_contents(version))
+        pack(
+            "pyproject.toml",
+            f"""[build-system]
+requires = ["setuptools==68.2.2", "pip"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "deltachat-rpc-server"
+version = "{version}"
+
+[project.scripts]
+deltachat-rpc-server = "deltachat_rpc_server:main"
+""",
+        )
+        pack(
+            "setup.py",
+            f"""
+import sys
+from setuptools import setup, find_packages
+from distutils.cmd import Command
+from setuptools.command.install import install
+from setuptools.command.build import build
+import subprocess
+import platform
+import tempfile
+from zipfile import ZipFile
+from pathlib import Path
+import shutil
+
+
+class BuildCommand(build):
+    def run(self):
+        tmpdir = tempfile.mkdtemp()
+        subprocess.run(
+            [
+                sys.executable,
+                "-m",
+                "pip",
+                "download",
+                "--no-input",
+                "--timeout",
+                "1000",
+                "--platform",
+                "musllinux_1_1_" + platform.machine(),
+                "--only-binary=:all:",
+                "deltachat-rpc-server=={version}",
+            ],
+            cwd=tmpdir,
+        )
+
+        wheel_path = next(Path(tmpdir).glob("*.whl"))
+        with ZipFile(wheel_path, "r") as wheel:
+            exe_path = wheel.extract("deltachat_rpc_server/deltachat-rpc-server", "src")
+            Path(exe_path).chmod(0o700)
+            wheel.extract("deltachat_rpc_server/__init__.py", "src")
+
+        shutil.rmtree(tmpdir)
+        return super().run()
+
+
+setup(
+    cmdclass={{"build": BuildCommand}},
+    package_data={{"deltachat_rpc_server": ["deltachat-rpc-server"]}},
+)
+""",
+        )
+        pack("src/deltachat_rpc_server/__init__.py", "")
+
+
 def build_wheel(version, binary, tag, windows=False):
     filename = f"deltachat_rpc_server-{version}-{tag}.whl"
 
@@ -88,19 +168,23 @@ def main():
     with Path("Cargo.toml").open("rb") as fp:
         cargo_manifest = tomllib.load(fp)
     version = cargo_manifest["package"]["version"]
-    arch = sys.argv[1]
-    executable = sys.argv[2]
-    tags = arch2tags[arch]
-
-    if arch in ["win32", "win64"]:
-        build_wheel(
-            version,
-            executable,
-            f"py3-none-{tags}",
-            windows=True,
-        )
+    if sys.argv[1] == "source":
+        filename = f"deltachat_rpc_server-{version}.tar.gz"
+        build_source_package(version, filename)
     else:
-        build_wheel(version, executable, f"py3-none-{tags}")
+        arch = sys.argv[1]
+        executable = sys.argv[2]
+        tags = arch2tags[arch]
+
+        if arch in ["win32", "win64"]:
+            build_wheel(
+                version,
+                executable,
+                f"py3-none-{tags}",
+                windows=True,
+            )
+        else:
+            build_wheel(version, executable, f"py3-none-{tags}")
 
 
 main()

src/chat.rs

@@ -32,7 +32,6 @@ use crate::debug_logging::maybe_set_logging_xdc;
 use crate::download::{
     DownloadState, PRE_MSG_ATTACHMENT_SIZE_THRESHOLD, PRE_MSG_SIZE_WARNING_THRESHOLD,
 };
-use crate::ensure_and_debug_assert_eq;
 use crate::ephemeral::{Timer as EphemeralTimer, start_chat_ephemeral_timers};
 use crate::events::EventType;
 use crate::key::{Fingerprint, self_fingerprint};
@@ -1783,8 +1782,9 @@ impl Chat {
                 );
                 bail!("Cannot set message, contact for {} not found.", self.id);
             }
-        } else if self.param.get_int(Param::Unpromoted).unwrap_or_default() == 1 {
-            ensure_and_debug_assert_eq!(self.typ, Chattype::Group,);
+        } else if matches!(self.typ, Chattype::Group | Chattype::OutBroadcast)
+            && self.param.get_int(Param::Unpromoted).unwrap_or_default() == 1
+        {
             msg.param.set_int(Param::AttachChatAvatarAndDescription, 1);
             self.param
                 .remove(Param::Unpromoted)
@@ -3626,6 +3626,9 @@ pub(crate) async fn create_group_ex(
 /// because the word "channel" already appears a lot in the code,
 /// which would make it hard to grep for it.
 ///
+/// After creation, the chat contains no recipients and is in _unpromoted_ state;
+/// see [`create_group`] for more information on the unpromoted state.
+///
 /// Returns the created chat's id.
 pub async fn create_broadcast(context: &Context, chat_name: String) -> Result<ChatId> {
     let grpid = create_id();
@@ -3657,20 +3660,17 @@ pub(crate) async fn create_out_broadcast_ex(
             |row| row.get(0),
         )?;
         ensure!(cnt == 0, "{cnt} chats exist with grpid {grpid}");
-        let mut params: Params = Params::new();
-        params.update_timestamp(Param::GroupNameTimestamp, time())?;
 
         t.execute(
             "INSERT INTO chats
-            (type, name, name_normalized, grpid, created_timestamp, param)
-            VALUES(?, ?, ?, ?, ?, ?)",
+            (type, name, name_normalized, grpid, created_timestamp)
+            VALUES(?, ?, ?, ?, ?)",
             (
                 Chattype::OutBroadcast,
                 &chat_name,
                 normalize_text(&chat_name),
                 &grpid,
                 timestamp,
-                params.to_string(),
             ),
         )?;
         let chat_id = ChatId::new(t.last_insert_rowid().try_into()?);
@@ -3738,19 +3738,17 @@ pub(crate) async fn update_chat_contacts_table(
     id: ChatId,
     contacts: &BTreeSet<ContactId>,
 ) -> Result<()> {
-    // See add_to_chat_contacts_table() for reasoning.
-    let limit = cmp::max(time().saturating_add(TIMESTAMP_SENT_TOLERANCE), timestamp);
     context
         .sql
         .transaction(move |transaction| {
-            // Bump `remove_timestamp` even for members from `contacts`.
+            // Bump `remove_timestamp` to at least `now`
+            // even for members from `contacts`.
             // We add members from `contacts` back below.
             transaction.execute(
-                "UPDATE chats_contacts SET
-                     add_timestamp=MIN(add_timestamp, ?1),
-                     remove_timestamp=MAX(MIN(remove_timestamp,?1), MIN(add_timestamp,?1)+1, ?)
+                "UPDATE chats_contacts
+                 SET remove_timestamp=MAX(add_timestamp+1, ?)
                  WHERE chat_id=?",
-                (limit, timestamp, id),
+                (timestamp, id),
             )?;
 
             if !contacts.is_empty() {
@@ -3762,8 +3760,9 @@ pub(crate) async fn update_chat_contacts_table(
                 )?;
 
                 for contact_id in contacts {
-                    // We bumped `remove_timestamp` for existing rows above,
-                    // so on conflict it is enough to set `add_timestamp = remove_timestamp`.
+                    // We bumped `add_timestamp` for existing rows above,
+                    // so on conflict it is enough to set `add_timestamp = remove_timestamp`
+                    // and this guarantees that `add_timestamp` is no less than `timestamp`.
                     statement.execute((id, contact_id, timestamp))?;
                 }
             }
@@ -3780,24 +3779,17 @@ pub(crate) async fn add_to_chat_contacts_table(
     chat_id: ChatId,
     contact_ids: &[ContactId],
 ) -> Result<()> {
-    // Our clock may be slow, so limit stored timestamps with `timestamp` if it's bigger. This way
-    // we only cap remote timestamps if, in addition, remote changes arrive reordered or we do local
-    // changes. Also allow some tolerance, moreover, previous removals might lend time from the
-    // future.
-    let limit = cmp::max(time().saturating_add(TIMESTAMP_SENT_TOLERANCE), timestamp);
     context
         .sql
         .transaction(move |transaction| {
             let mut add_statement = transaction.prepare(
                 "INSERT INTO chats_contacts (chat_id, contact_id, add_timestamp) VALUES(?1, ?2, ?3)
                  ON CONFLICT (chat_id, contact_id)
-                 DO UPDATE SET
-                     remove_timestamp=MIN(remove_timestamp, ?4),
-                     add_timestamp=MIN(MAX(add_timestamp,remove_timestamp,?3), ?4)",
+                 DO UPDATE SET add_timestamp=MAX(remove_timestamp, ?3)",
             )?;
 
             for contact_id in contact_ids {
-                add_statement.execute((chat_id, contact_id, timestamp, limit))?;
+                add_statement.execute((chat_id, contact_id, timestamp))?;
             }
             Ok(())
         })
@@ -3808,34 +3800,26 @@ pub(crate) async fn add_to_chat_contacts_table(
 
 /// Removes a contact from the chat
 /// by updating the `remove_timestamp`.
-/// Returns whether the contact has been a chat member recently. If so, a removal message should be
-/// sent.
 pub(crate) async fn remove_from_chat_contacts_table(
     context: &Context,
     chat_id: ChatId,
     contact_id: ContactId,
-) -> Result<bool> {
+) -> Result<()> {
     let now = time();
-    // See add_to_chat_contacts_table() for reasoning.
-    let limit = now.saturating_add(TIMESTAMP_SENT_TOLERANCE);
-    let is_past_member = context
+    context
         .sql
         .execute(
-            "UPDATE chats_contacts SET
-                 add_timestamp=MIN(add_timestamp, ?1),
-                 remove_timestamp=MAX(MIN(remove_timestamp,?1), MIN(add_timestamp,?1)+1, ?)
+            "UPDATE chats_contacts
+             SET remove_timestamp=MAX(add_timestamp+1, ?)
              WHERE chat_id=? AND contact_id=?",
-            (limit, now, chat_id, contact_id),
+            (now, chat_id, contact_id),
         )
-        .await?
-        > 0;
-    Ok(is_past_member)
+        .await?;
+    Ok(())
 }
 
 /// Removes a contact from the chat
-/// without leaving a trace in the db.
-/// Returns whether the contact was removed, even if it was a past contact. If so, a removal message
-/// should be sent if the removal is issued by this device.
+/// without leaving a trace.
 ///
 /// Note that if we call this function,
 /// and then receive a message from another device
@@ -3845,17 +3829,17 @@ pub(crate) async fn remove_from_chat_contacts_table_without_trace(
     context: &Context,
     chat_id: ChatId,
     contact_id: ContactId,
-) -> Result<bool> {
-    let removed = context
+) -> Result<()> {
+    context
         .sql
         .execute(
             "DELETE FROM chats_contacts
             WHERE chat_id=? AND contact_id=?",
             (chat_id, contact_id),
         )
-        .await?
-        > 0;
-    Ok(removed)
+        .await?;
+
+    Ok(())
 }
 
 /// Adds a contact to the chat.
@@ -4175,13 +4159,10 @@ pub async fn remove_contact_from_chat(
 
     let mut sync = Nosync;
 
-    let removed = if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
-        remove_from_chat_contacts_table(context, chat_id, contact_id).await?
+    if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
+        remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
     } else {
-        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?
-    };
-    if !removed {
-        return Ok(());
+        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
     }
 
     // We do not return an error if the contact does not exist in the database.

src/chat/chat_tests.rs

@@ -9,7 +9,6 @@ use crate::headerdef::HeaderDef;
 use crate::imex::{ImexMode, has_backup, imex};
 use crate::message::{Message, MessengerMessage, delete_msgs};
 use crate::mimeparser::{self, MimeMessage};
-use crate::qr::{Qr, check_qr};
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
 use crate::test_utils;
@@ -2800,30 +2799,6 @@ async fn test_can_send_group() -> Result<()> {
     Ok(())
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_cant_remove_nonmember() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let charlie = &tcm.charlie().await;
-
-    let alice_broadcast_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_broadcast_id))
-        .await
-        .unwrap();
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let alice_charlie_id = alice.add_or_lookup_contact_id(charlie).await;
-    remove_contact_from_chat(alice, alice_broadcast_id, alice_charlie_id).await?;
-    assert!(alice.pop_sent_msg_opt(Duration::ZERO).await.is_none());
-    assert!(!remove_from_chat_contacts_table(alice, alice_broadcast_id, alice_charlie_id).await?);
-    assert!(
-        !remove_from_chat_contacts_table_without_trace(alice, alice_broadcast_id, alice_charlie_id)
-            .await?
-    );
-    Ok(())
-}
-
 /// Tests that in a broadcast channel,
 /// the recipients can't see the identity of their fellow recipients.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -2947,24 +2922,10 @@ async fn test_broadcast_change_name() -> Result<()> {
     let fiona = &tcm.fiona().await;
 
     let broadcast_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let mut qr = get_securejoin_qr(alice, Some(broadcast_id)).await.unwrap();
-    // Something goes wrong with the title, e.g. maybe it gets ellipsized
-    // Note that the title always comes at the end for human readability
-    qr += "+modified+title";
-
-    {
-        tcm.section("Alice invites Bob to her channel");
-        let Qr::AskJoinBroadcast { name, .. } = check_qr(bob, &qr).await? else {
-            panic!();
-        };
-        assert_eq!(name, "Channel modified title");
-
-        // The channel's name gets fixed after actually joining the channel:
-        let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
-        let bob_chat = Chat::load_from_db(bob, bob_chat_id).await?;
-        assert_eq!(bob_chat.name, "Channel");
-    }
+    let qr = get_securejoin_qr(alice, Some(broadcast_id)).await.unwrap();
 
+    tcm.section("Alice invites Bob to her channel");
+    tcm.exec_securejoin_qr(bob, alice, &qr).await;
     tcm.section("Alice invites Fiona to her channel");
     tcm.exec_securejoin_qr(fiona, alice, &qr).await;
 
@@ -3088,31 +3049,6 @@ async fn test_broadcast_resend_to_new_member() -> Result<()> {
     Ok(())
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_resend_failed_msg_to_new_member() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let fiona = &tcm.fiona().await;
-    let alice_bc_id = create_broadcast(alice, "bc".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_bc_id)).await.unwrap();
-
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-    let alice_msg_id = alice.send_text(alice_bc_id, "text").await.sender_msg_id;
-    let mut msg = Message::load_from_db(alice, alice_msg_id).await?;
-    message::set_msg_failed(alice, &mut msg, "error").await?;
-    let fiona_bc_id = tcm.exec_securejoin_qr(fiona, alice, &qr).await;
-    let resent_msg = alice.pop_sent_msg().await;
-    let fiona_msg = fiona.recv_msg(&resent_msg).await;
-    assert_eq!(fiona_msg.chat_id, fiona_bc_id);
-    assert_eq!(fiona_msg.text, "text");
-    assert_eq!(
-        alice_msg_id.get_state(alice).await?,
-        MessageState::OutFailed
-    );
-    Ok(())
-}
-
 /// - Alice has multiple devices
 /// - Alice creates a broadcast and sends a message into it
 /// - Alice's second device sees the broadcast

src/config.rs

@@ -452,6 +452,11 @@ pub enum Config {
     /// storing the same token multiple times on the server.
     EncryptedDeviceToken,
 
+    /// Enables running test hooks, e.g. see `InnerContext::pre_encrypt_mime_hook`.
+    /// This way is better than conditional compilation, i.e. `#[cfg(test)]`, because tests not
+    /// using this still run unmodified code.
+    TestHooks,
+
     /// Return an error from `receive_imf_inner()`. For tests.
     SimulateReceiveImfError,
 

src/configure.rs

@@ -680,8 +680,6 @@ async fn get_autoconfig(
     param: &EnteredLoginParam,
     param_domain: &str,
 ) -> Option<Vec<ServerParams>> {
-    let accept_invalid_certificates = param.certificate_checks.accept_invalid_certificates();
-
     // Make sure to not encode `.` as `%2E` here.
     // Some servers like murena.io on 2024-11-01 produce incorrect autoconfig XML
     // when address is encoded.
@@ -698,7 +696,6 @@ async fn get_autoconfig(
             "https://autoconfig.{param_domain}/mail/config-v1.1.xml?emailaddress={param_addr_urlencoded}"
         ),
         &param.addr,
-        accept_invalid_certificates,
     )
     .await
     {
@@ -713,7 +710,6 @@ async fn get_autoconfig(
             "https://{param_domain}/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress={param_addr_urlencoded}"
         ),
         &param.addr,
-        accept_invalid_certificates,
     )
     .await
     {
@@ -725,7 +721,6 @@ async fn get_autoconfig(
     if let Ok(res) = outlk_autodiscover(
         ctx,
         format!("https://{param_domain}/autodiscover/autodiscover.xml"),
-        accept_invalid_certificates,
     )
     .await
     {
@@ -736,7 +731,6 @@ async fn get_autoconfig(
     if let Ok(res) = outlk_autodiscover(
         ctx,
         format!("https://autodiscover.{param_domain}/autodiscover/autodiscover.xml",),
-        accept_invalid_certificates,
     )
     .await
     {
@@ -749,7 +743,6 @@ async fn get_autoconfig(
         ctx,
         &format!("https://autoconfig.thunderbird.net/v1.1/{param_domain}"),
         &param.addr,
-        accept_invalid_certificates,
     )
     .await
     {

src/configure/auto_mozilla.rs

@@ -10,7 +10,7 @@ use quick_xml::events::{BytesStart, Event};
 use super::{Error, ServerParams};
 use crate::context::Context;
 use crate::log::warn;
-use crate::net::read_url_with_tls;
+use crate::net::read_url;
 use crate::provider::{Protocol, Socket};
 
 #[derive(Debug)]
@@ -249,9 +249,8 @@ pub(crate) async fn moz_autoconfigure(
     context: &Context,
     url: &str,
     addr: &str,
-    accept_invalid_certificates: bool,
 ) -> Result<Vec<ServerParams>, Error> {
-    let xml_raw = read_url_with_tls(context, url, !accept_invalid_certificates).await?;
+    let xml_raw = read_url(context, url).await?;
 
     let res = parse_serverparams(addr, &xml_raw);
     if let Err(err) = &res {

src/configure/auto_outlook.rs

@@ -10,7 +10,7 @@ use quick_xml::events::Event;
 use super::{Error, ServerParams};
 use crate::context::Context;
 use crate::log::warn;
-use crate::net::read_url_with_tls;
+use crate::net::read_url;
 use crate::provider::{Protocol, Socket};
 
 /// Result of parsing a single `Protocol` tag.
@@ -196,11 +196,10 @@ fn protocols_to_serverparams(protocols: Vec<ProtocolTag>) -> Vec<ServerParams> {
 pub(crate) async fn outlk_autodiscover(
     context: &Context,
     mut url: String,
-    accept_invalid_certificates: bool,
 ) -> Result<Vec<ServerParams>, Error> {
     /* Follow up to 10 xml-redirects (http-redirects are followed in read_url() */
     for _i in 0..10 {
-        let xml_raw = read_url_with_tls(context, &url, !accept_invalid_certificates).await?;
+        let xml_raw = read_url(context, &url).await?;
         let res = parse_xml(&xml_raw);
         if let Err(err) = &res {
             warn!(context, "{}", err);

src/context.rs

@@ -332,6 +332,17 @@ pub struct InnerContext {
     /// `Connectivity` values for mailboxes, unordered. Used to compute the aggregate connectivity,
     /// see [`Context::get_connectivity()`].
     pub(crate) connectivities: parking_lot::Mutex<Vec<ConnectivityStore>>,
+
+    #[expect(clippy::type_complexity)]
+    /// Transforms the root of the cryptographic payload before encryption.
+    pub(crate) pre_encrypt_mime_hook: parking_lot::Mutex<
+        Option<
+            for<'a> fn(
+                &Context,
+                mail_builder::mime::MimePart<'a>,
+            ) -> mail_builder::mime::MimePart<'a>,
+        >,
+    >,
 }
 
 /// The state of ongoing process.
@@ -511,6 +522,7 @@ impl Context {
             self_fingerprint: OnceLock::new(),
             self_public_key: Mutex::new(None),
             connectivities: parking_lot::Mutex::new(Vec::new()),
+            pre_encrypt_mime_hook: None.into(),
         };
 
         let ctx = Context {

src/download.rs

@@ -6,7 +6,6 @@ use anyhow::{Result, anyhow, bail, ensure};
 use deltachat_derive::{FromSql, ToSql};
 use serde::{Deserialize, Serialize};
 
-use crate::config::Config;
 use crate::context::Context;
 use crate::imap::session::Session;
 use crate::log::warn;
@@ -170,8 +169,7 @@ pub(crate) async fn download_msg(
     }
     Box::pin(session.fetch_single_msg(context, &server_folder, server_uid, rfc724_mid)).await?;
 
-    let bcc_self = context.get_config_bool(Config::BccSelf).await?;
-    if ephemeral::should_delete_all_downloaded_messages(bcc_self, session.is_chatmail()) {
+    if ephemeral::should_delete_all_downloaded_messages(context, session.is_chatmail()).await? {
         // Now that the message was downloaded, it likely needs to be deleted;
         // trigger a re-check by interrupting the inbox folder.
         // This is mainly needed to make the tests pass;

src/ephemeral.rs

@@ -654,7 +654,7 @@ pub(crate) async fn ephemeral_loop(context: &Context, interrupt_receiver: Receiv
 
 /// Schedules expired IMAP messages for deletion on the server.
 ///
-/// Also see [`delete_expired_messages`],
+/// Also see [`delete_expired_imap_messages`],
 /// which locally deletes expired messages.
 pub(crate) async fn delete_expired_imap_messages(
     context: &Context,
@@ -663,8 +663,7 @@ pub(crate) async fn delete_expired_imap_messages(
 ) -> Result<()> {
     let now = time();
 
-    let bcc_self = context.get_config_bool(Config::BccSelf).await?;
-    if should_delete_all_downloaded_messages(bcc_self, is_chatmail) {
+    if should_delete_all_downloaded_messages(context, is_chatmail).await? {
         // This is the only device using this relay.
         // Mark all downloaded messages for deletion, because they are not needed anymore.
         //
@@ -691,7 +690,7 @@ pub(crate) async fn delete_expired_imap_messages(
                 (transport_id, now, DownloadState::Done),
             )
             .await?;
-    } else if bcc_self {
+    } else {
         // There may be other devices using this relay,
         // either because there is multi-device or because this is a classical email server.
         // Only delete expired ephemeral messages.
@@ -712,37 +711,16 @@ pub(crate) async fn delete_expired_imap_messages(
                 (transport_id, now),
             )
             .await?;
-    } else {
-        // Single device.
-        // Delete all expired and encrypted messages.
-        context
-            .sql
-            .execute(
-                "UPDATE imap
-                 SET target=''
-                 WHERE transport_id=?1
-                 AND rfc724_mid IN (
-                    SELECT rfc724_mid FROM msgs
-                    WHERE id>9
-                      AND ((ephemeral_timestamp!=0 AND ephemeral_timestamp<=?2) OR
-                           ((param GLOB '*\nc=1*' OR param GLOB 'c=1*') AND download_state=?3))
-                    UNION
-                    SELECT pre_rfc724_mid FROM msgs
-                    WHERE pre_rfc724_mid!=''
-                      AND id>9
-                      AND ((ephemeral_timestamp!=0 AND ephemeral_timestamp<=?2) OR
-                           (param GLOB '*\nc=1*' OR param GLOB 'c=1*'))
-                )",
-                (transport_id, now, DownloadState::Done),
-            )
-            .await?;
     }
 
     Ok(())
 }
 
-pub(crate) fn should_delete_all_downloaded_messages(bcc_self: bool, is_chatmail: bool) -> bool {
-    !bcc_self && is_chatmail
+pub(crate) async fn should_delete_all_downloaded_messages(
+    context: &Context,
+    is_chatmail: bool,
+) -> Result<bool> {
+    Ok(!context.get_config_bool(Config::BccSelf).await? && is_chatmail)
 }
 
 /// Start ephemeral timers for seen messages if they are not started

src/ephemeral/ephemeral_tests.rs

@@ -478,10 +478,9 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
 
     // Test messages:
     //
-    // Four messages that were not split into pre- and post- message:
+    // Three messages that were not split into pre- and post- message:
     //  "expired@localhost"     - expired ephemeral message
     //  "no_expire@localhost"   - non-ephemeral message
-    //  "no_expire_unencrypted@localhost"   - non-ephemeral message, not encrypted
     //  "future@localhost"      - will expire in the future, but not yet
     //
     // And four messages that were split into pre- and post-message.
@@ -490,81 +489,57 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
     //  "future_*@localhost"    - has pre-msg, not expired yet, not downloaded yet
     //  "done_*@localhost"      - Fully downloaded -> post- message can be deleted
     //
-    // The tuple is (rfc724_mid, ephemeral_timestamp, download_state, pre_rfc724_mid, is_encrypted)
-    let msgs: [(&str, i64, DownloadState, &str, bool); 8] = [
-        ("expired@localhost", now - 1, DownloadState::Done, "", true),
-        ("no_expire@localhost", 0, DownloadState::Done, "", true),
-        (
-            "no_expire_unencrypted@localhost",
-            0,
-            DownloadState::Done,
-            "",
-            false,
-        ),
+    // The tuple is (rfc724_mid, ephemeral_timestamp, download_state, pre_rfc724_mid)
+    let msgs: [(&str, i64, DownloadState, &str); 7] = [
+        ("expired@localhost", now - 1, DownloadState::Done, ""),
+        ("no_expire@localhost", 0, DownloadState::Done, ""),
         // Use "now + 3600" rather than "now + 1", otherwise the test may be flaky
         // if it is slow and the message expires in a second
-        (
-            "future@localhost",
-            now + 3600,
-            DownloadState::Done,
-            "",
-            true,
-        ),
+        ("future@localhost", now + 3600, DownloadState::Done, ""),
         (
             "expired_post@localhost",
             now - 1,
             DownloadState::Available,
             "expired_pre@localhost",
-            true,
         ),
         (
             "no_expire_post@localhost",
             0,
             DownloadState::Available,
             "no_expire_pre@localhost",
-            true,
         ),
         (
             "future_post@localhost",
             now + 3600,
             DownloadState::Available,
             "future_pre@localhost",
-            true,
         ),
         (
             "done_post@localhost",
             0,
             DownloadState::Done,
             "done_pre@localhost",
-            true,
         ),
     ];
-    for (rfc724_mid, ephemeral_timestamp, download_state, pre_rfc724_mid, is_encrypted) in msgs {
+    for (rfc724_mid, ephemeral_timestamp, download_state, pre_rfc724_mid) in msgs {
         t.sql
             .execute(
                 "INSERT INTO msgs \
-                 (rfc724_mid, timestamp, ephemeral_timestamp, download_state, pre_rfc724_mid, param) \
-                 VALUES (?,?,?,?,?,?)",
+                 (rfc724_mid, timestamp, ephemeral_timestamp, download_state, pre_rfc724_mid) \
+                 VALUES (?,?,?,?,?)",
                 (
                     rfc724_mid,
                     now,
                     ephemeral_timestamp,
                     download_state,
                     pre_rfc724_mid,
-                    if is_encrypted {
-                        "c=1"
-                    } else {
-                        ""
-                    }
                 ),
             )
             .await?;
     }
     let rfc724_mids: Vec<&str> = msgs
         .iter()
-        .flat_map(|(rfc724_mid, _, _, pre_rfc724_mid, _is_encrypted)| {
-            [*rfc724_mid, *pre_rfc724_mid]
-        })
+        .flat_map(|(rfc724_mid, _, _, pre_rfc724_mid)| [*rfc724_mid, *pre_rfc724_mid])
         .filter(|s| !s.is_empty())
         .collect();
 
@@ -579,22 +554,13 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
             .await?;
     }
 
-    for (is_chatmail, other_transport, bcc_self) in [
-        (false, false, false),
-        (false, false, true),
-        (false, true, false),
-        (false, true, true),
-        (true, false, false),
-        (true, false, true),
-        (true, true, false),
-        (true, true, true),
-    ] {
+    for (is_chatmail, other_transport) in
+        [(false, false), (false, true), (true, false), (true, true)]
+    {
         println!(
-            "Testing combination is_chatmail={is_chatmail}, other_transport={other_transport}, bcc_self={bcc_self}"
+            "Testing combination is_chatmail={is_chatmail}, other_transport={other_transport}"
         );
 
-        t.set_config_bool(Config::BccSelf, bcc_self).await?;
-
         delete_expired_imap_messages(
             &t,
             if other_transport {
@@ -615,20 +581,19 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
         }
 
         assert_eq!(is_deleted(&t, "expired@localhost").await?, true);
-        assert_eq!(is_deleted(&t, "no_expire@localhost").await?, !bcc_self);
-        assert_eq!(
-            is_deleted(&t, "no_expire_unencrypted@localhost").await?,
-            is_chatmail && !bcc_self
-        );
-        assert_eq!(is_deleted(&t, "future@localhost").await?, !bcc_self);
+        assert_eq!(is_deleted(&t, "no_expire@localhost").await?, is_chatmail);
+        assert_eq!(is_deleted(&t, "future@localhost").await?, is_chatmail);
         assert_eq!(is_deleted(&t, "expired_post@localhost").await?, true);
         assert_eq!(is_deleted(&t, "expired_pre@localhost").await?, true);
         assert_eq!(is_deleted(&t, "no_expire_post@localhost").await?, false);
-        assert_eq!(is_deleted(&t, "no_expire_pre@localhost").await?, !bcc_self);
+        assert_eq!(
+            is_deleted(&t, "no_expire_pre@localhost").await?,
+            is_chatmail
+        );
         assert_eq!(is_deleted(&t, "future_post@localhost").await?, false);
-        assert_eq!(is_deleted(&t, "future_pre@localhost").await?, !bcc_self);
-        assert_eq!(is_deleted(&t, "done_pre@localhost").await?, !bcc_self);
-        assert_eq!(is_deleted(&t, "done_post@localhost").await?, !bcc_self);
+        assert_eq!(is_deleted(&t, "future_pre@localhost").await?, is_chatmail);
+        assert_eq!(is_deleted(&t, "done_pre@localhost").await?, is_chatmail);
+        assert_eq!(is_deleted(&t, "done_post@localhost").await?, is_chatmail);
 
         reset_targets(&t).await;
     }

src/login_param.rs

@@ -56,15 +56,6 @@ pub enum EnteredCertificateChecks {
     AcceptInvalidCertificates2 = 3,
 }
 
-impl EnteredCertificateChecks {
-    pub(crate) fn accept_invalid_certificates(self) -> bool {
-        matches!(
-            self,
-            Self::AcceptInvalidCertificates | Self::AcceptInvalidCertificates2
-        )
-    }
-}
-
 /// Login parameters for a single IMAP server.
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct EnteredImapLoginParam {

src/message.rs

@@ -140,20 +140,8 @@ SELECT ?1, rfc724_mid, pre_rfc724_mid, timestamp, ?, ? FROM msgs WHERE id=?1
         Ok(())
     }
 
-    /// Returns whether the message state is updated to `OutDelivered`.
-    pub(crate) async fn set_delivered(self, context: &Context) -> Result<bool> {
-        if context
-            .sql
-            .execute(
-                // Only update `OutPending` i.e. if the message is (re-)sent to all chat members.
-                "UPDATE msgs SET state=?, error='' WHERE id=? AND state=?",
-                (MessageState::OutDelivered, self, MessageState::OutPending),
-            )
-            .await?
-            == 0
-        {
-            return Ok(false);
-        }
+    pub(crate) async fn set_delivered(self, context: &Context) -> Result<()> {
+        update_msg_state(context, self, MessageState::OutDelivered).await?;
         let chat_id: Option<ChatId> = context
             .sql
             .query_get_value("SELECT chat_id FROM msgs WHERE id=?", (self,))
@@ -165,7 +153,7 @@ SELECT ?1, rfc724_mid, pre_rfc724_mid, timestamp, ?, ? FROM msgs WHERE id=?1
         if let Some(chat_id) = chat_id {
             chatlist_events::emit_chatlist_item_changed(context, chat_id);
         }
-        Ok(true)
+        Ok(())
     }
 
     /// Bad evil escape hatch.
@@ -324,7 +312,6 @@ SELECT ?1, rfc724_mid, pre_rfc724_mid, timestamp, ?, ? FROM msgs WHERE id=?1
         if duration != 0 {
             ret += &format!("Duration: {duration} ms\n",);
         }
-        ret += &format!("\nDatabase ID: {}", msg.id);
         if !msg.rfc724_mid.is_empty() {
             ret += &format!("\nMessage-ID: {}", msg.rfc724_mid);
 
@@ -1427,9 +1414,6 @@ pub enum MessageState {
     /// The user has pressed the "send" button but the message is not
     /// yet sent and is pending in some way. Maybe we're offline (no
     /// checkmark).
-    ///
-    /// This state means that the message is being (re-)sent to all chat members. It shalln't be
-    /// used e.g. for resending only to a new broadcast member.
     OutPending = 20,
 
     /// *Unrecoverable* error (*recoverable* errors result in pending
@@ -2042,6 +2026,13 @@ pub(crate) async fn update_msg_state(
     Ok(())
 }
 
+// as we do not cut inside words, this results in about 32-42 characters.
+// Do not use too long subjects - we add a tag after the subject which gets truncated by the clients otherwise.
+// It should also be very clear, the subject is _not_ the whole message.
+// The value is also used for CC:-summaries
+
+// Context functions to work with messages
+
 pub(crate) async fn set_msg_failed(
     context: &Context,
     msg: &mut Message,

src/mimefactory.rs

@@ -1168,6 +1168,12 @@ impl MimeFactory {
                 _ => None,
             };
 
+            if context.get_config_bool(Config::TestHooks).await?
+                && let Some(hook) = &*context.pre_encrypt_mime_hook.lock()
+            {
+                message = hook(context, message);
+            }
+
             let encrypted = if let Some(shared_secret) = shared_secret {
                 let sign = true;
                 encrypt_helper

src/mimeparser/mimeparser_tests.rs

@@ -1790,27 +1790,35 @@ async fn test_time_in_future() -> Result<()> {
     Ok(())
 }
 
-/// Tests receiving a message with RFC 9788 header protection and legacy display element.
-///
-/// Legacy display elements should not be rendered:
-/// <https://www.rfc-editor.org/rfc/rfc9788.html#name-do-not-render-legacy-displa>
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_hp_legacy_display() -> Result<()> {
     let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
     let bob = &tcm.bob().await;
 
-    let msg_id = receive_imf(
-        bob,
-        include_bytes!("../../test-data/message/hp_legacy_display.eml"),
-        false,
-    )
-    .await?
-    .unwrap()
-    .msg_ids[0];
-    let msg_bob = Message::load_from_db(bob, msg_id).await?;
-    assert_eq!(msg_bob.subject, "Dinner plans");
+    let mut msg = Message::new_text(
+        "Subject: Dinner plans\n\
+        \n\
+        Let's eat"
+            .to_string(),
+    );
+    msg.set_subject("Dinner plans".to_string());
+    let chat_id = alice.create_chat(bob).await.id;
+    alice.set_config_bool(Config::TestHooks, true).await?;
+    *alice.pre_encrypt_mime_hook.lock() = Some(|_, mut mime| {
+        for (h, v) in &mut mime.headers {
+            if h == "Content-Type"
+                && let mail_builder::headers::HeaderType::ContentType(ct) = v
+            {
+                *ct = ct.clone().attribute("hp-legacy-display", "1");
+            }
+        }
+        mime
+    });
+    let sent_msg = alice.send_msg(chat_id, &mut msg).await;
 
-    // Legacy display element is removed from the text/plain body.
+    let msg_bob = bob.recv_msg(&sent_msg).await;
+    assert_eq!(msg_bob.subject, "Dinner plans");
     assert_eq!(msg_bob.text, "Let's eat");
     Ok(())
 }

src/net.rs

@@ -23,7 +23,6 @@ pub(crate) mod session;
 pub(crate) mod tls;
 
 use dns::lookup_host_with_cache;
-pub(crate) use http::read_url_with_tls;
 pub use http::{Response as HttpResponse, read_url, read_url_blob};
 use tls::wrap_tls;
 

src/net/dns.rs

@@ -231,10 +231,7 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
     HashMap::from([
         (
             "imap.163.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(111, 124, 203, 45)),
-                IpAddr::V4(Ipv4Addr::new(111, 124, 203, 50)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(111, 124, 203, 45))],
         ),
         (
             "smtp.163.com",
@@ -425,12 +422,12 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "nine.testrun.org",
             vec![
                 IpAddr::V4(Ipv4Addr::new(128, 140, 126, 197)),
+                IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)),
                 IpAddr::V4(Ipv4Addr::new(216, 144, 228, 100)),
-                IpAddr::V4(Ipv4Addr::new(77, 42, 49, 41)),
+                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
                 IpAddr::V6(Ipv6Addr::new(
                     0x2001, 0x41d0, 0x701, 0x1100, 0, 0, 0, 0x8ab1,
                 )),
-                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f9, 0xfff1, 0x59, 0, 0, 0, 1)),
             ],
         ),
         (
@@ -700,10 +697,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "chatmail.hackea.org",
             vec![IpAddr::V4(Ipv4Addr::new(82, 165, 11, 85))],
         ),
-        (
-            "chat.adminforge.de",
-            vec![IpAddr::V4(Ipv4Addr::new(94, 130, 17, 142))],
-        ),
         (
             "chika.aangat.lahat.computer",
             vec![IpAddr::V4(Ipv4Addr::new(71, 19, 150, 113))],
@@ -745,46 +738,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "danneskjold.de",
             vec![IpAddr::V4(Ipv4Addr::new(46, 62, 216, 132))],
         ),
-        (
-            "chat.in-the.eu",
-            vec![IpAddr::V4(Ipv4Addr::new(78, 46, 190, 129))],
-        ),
-        (
-            "chat.nuvon.app",
-            vec![IpAddr::V4(Ipv4Addr::new(178, 238, 38, 165))],
-        ),
-        (
-            "nibblehole.com",
-            vec![IpAddr::V4(Ipv4Addr::new(94, 247, 42, 209))],
-        ),
-        (
-            "chat.zashm.org",
-            vec![IpAddr::V4(Ipv4Addr::new(91, 245, 76, 39))],
-        ),
-        (
-            "chat.sus.fr",
-            vec![IpAddr::V4(Ipv4Addr::new(152, 67, 76, 190))],
-        ),
-        (
-            "delta.thelab.uno",
-            vec![IpAddr::V4(Ipv4Addr::new(146, 59, 228, 39))],
-        ),
-        (
-            "chat.vim.wtf",
-            vec![IpAddr::V4(Ipv4Addr::new(116, 203, 206, 170))],
-        ),
-        (
-            "uninterest.ing",
-            vec![IpAddr::V4(Ipv4Addr::new(172, 245, 70, 237))],
-        ),
-        (
-            "sweetfern.net",
-            vec![IpAddr::V4(Ipv4Addr::new(178, 156, 228, 133))],
-        ),
-        (
-            "delta.disobey.net",
-            vec![IpAddr::V4(Ipv4Addr::new(37, 74, 102, 44))],
-        ),
         (
             "darkrun.dev",
             vec![IpAddr::V4(Ipv4Addr::new(72, 11, 149, 146))],

src/net/http.rs

@@ -13,7 +13,7 @@ use crate::context::Context;
 use crate::log::warn;
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionStream;
-use crate::net::tls::wrap_tls;
+use crate::net::tls::wrap_rustls;
 use crate::tools::time;
 
 /// User-Agent for HTTP requests if a resource usage policy requires it.
@@ -35,16 +35,7 @@ pub struct Response {
 
 /// Retrieves the text contents of URL using HTTP GET request.
 pub async fn read_url(context: &Context, url: &str) -> Result<String> {
-    read_url_with_tls(context, url, true).await
-}
-
-/// Retrieves the text contents of URL using HTTP GET request.
-pub(crate) async fn read_url_with_tls(
-    context: &Context,
-    url: &str,
-    strict_tls: bool,
-) -> Result<String> {
-    let response = read_url_blob_with_tls(context, url, strict_tls).await?;
+    let response = read_url_blob(context, url).await?;
     let text = String::from_utf8_lossy(&response.blob);
     Ok(text.to_string())
 }
@@ -52,7 +43,6 @@ pub(crate) async fn read_url_with_tls(
 async fn get_http_sender<B>(
     context: &Context,
     parsed_url: hyper::Uri,
-    strict_tls: bool,
 ) -> Result<hyper::client::conn::http1::SendRequest<B>>
 where
     B: hyper::body::Body + 'static + Send,
@@ -86,29 +76,37 @@ where
             let port = parsed_url.port_u16().unwrap_or(443);
             let (use_sni, load_cache) = (true, true);
 
-            let tcp_stream: Box<dyn SessionStream> = if let Some(proxy_config) = proxy_config_opt {
+            if let Some(proxy_config) = proxy_config_opt {
                 let proxy_stream = proxy_config
                     .connect(context, host, port, load_cache)
                     .await?;
-                Box::new(proxy_stream)
+                let tls_stream = wrap_rustls(
+                    host,
+                    port,
+                    use_sni,
+                    "",
+                    proxy_stream,
+                    &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
+                )
+                .await?;
+                Box::new(tls_stream)
             } else {
                 let tcp_stream = crate::net::connect_tcp(context, host, port, load_cache).await?;
-                Box::new(tcp_stream)
-            };
-
-            let tls_stream = wrap_tls(
-                strict_tls,
-                host,
-                port,
-                use_sni,
-                "",
-                tcp_stream,
-                &context.tls_session_store,
-                &context.spki_hash_store,
-                &context.sql,
-            )
-            .await?;
-            Box::new(tls_stream)
+                let tls_stream = wrap_rustls(
+                    host,
+                    port,
+                    use_sni,
+                    "",
+                    tcp_stream,
+                    &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
+                )
+                .await?;
+                Box::new(tls_stream)
+            }
         }
         _ => bail!("Unknown URL scheme"),
     };
@@ -262,7 +260,7 @@ pub(crate) async fn http_cache_cleanup(context: &Context) -> Result<()> {
 /// Fetches URL and updates the cache.
 ///
 /// URL is fetched regardless of whether there is an existing result in the cache.
-async fn fetch_url(context: &Context, original_url: &str, strict_tls: bool) -> Result<Response> {
+async fn fetch_url(context: &Context, original_url: &str) -> Result<Response> {
     let mut url = original_url.to_string();
 
     // Follow up to 10 http-redirects
@@ -271,7 +269,7 @@ async fn fetch_url(context: &Context, original_url: &str, strict_tls: bool) -> R
             .parse::<hyper::Uri>()
             .with_context(|| format!("Failed to parse URL {url:?}"))?;
 
-        let mut sender = get_http_sender(context, parsed_url.clone(), strict_tls).await?;
+        let mut sender = get_http_sender(context, parsed_url.clone()).await?;
         let authority = parsed_url
             .authority()
             .context("URL has no authority")?
@@ -341,10 +339,8 @@ async fn fetch_url(context: &Context, original_url: &str, strict_tls: bool) -> R
             mimetype,
             encoding,
         };
-        if strict_tls {
-            info!(context, "Inserting {original_url:?} into cache.");
-            http_cache_put(context, &url, &response).await?;
-        }
+        info!(context, "Inserting {original_url:?} into cache.");
+        http_cache_put(context, &url, &response).await?;
         return Ok(response);
     }
 
@@ -353,23 +349,6 @@ async fn fetch_url(context: &Context, original_url: &str, strict_tls: bool) -> R
 
 /// Retrieves the binary contents of URL using HTTP GET request.
 pub async fn read_url_blob(context: &Context, url: &str) -> Result<Response> {
-    read_url_blob_with_tls(context, url, true).await
-}
-
-/// Retrieves the binary contents of URL using HTTP GET request.
-pub(crate) async fn read_url_blob_with_tls(
-    context: &Context,
-    url: &str,
-    strict_tls: bool,
-) -> Result<Response> {
-    if !strict_tls {
-        info!(
-            context,
-            "Fetching {url:?} without HTTP cache due to relaxed TLS."
-        );
-        return fetch_url(context, url, strict_tls).await;
-    }
-
     if let Some((response, is_stale)) = http_cache_get(context, url).await? {
         info!(context, "Returning {url:?} from cache.");
         if is_stale {
@@ -378,7 +357,7 @@ pub(crate) async fn read_url_blob_with_tls(
             tokio::spawn(async move {
                 // Fetch URL in background to update the cache.
                 info!(context, "Fetching stale {url:?} in background.");
-                if let Err(err) = fetch_url(&context, &url, true).await {
+                if let Err(err) = fetch_url(&context, &url).await {
                     warn!(context, "Failed to revalidate {url:?}: {err:#}.");
                 }
             });
@@ -387,7 +366,7 @@ pub(crate) async fn read_url_blob_with_tls(
     }
 
     info!(context, "Not found {url:?} in cache, fetching.");
-    let response = fetch_url(context, url, true).await?;
+    let response = fetch_url(context, url).await?;
     Ok(response)
 }
 
@@ -405,7 +384,7 @@ pub(crate) async fn post_empty(context: &Context, url: &str) -> Result<(String,
         bail!("POST requests to non-HTTPS URLs are not allowed");
     }
 
-    let mut sender = get_http_sender(context, parsed_url.clone(), true).await?;
+    let mut sender = get_http_sender(context, parsed_url.clone()).await?;
     let authority = parsed_url
         .authority()
         .context("URL has no authority")?
@@ -439,7 +418,7 @@ pub(crate) async fn post_string(context: &Context, url: &str, body: String) -> R
         bail!("POST requests to non-HTTPS URLs are not allowed");
     }
 
-    let mut sender = get_http_sender(context, parsed_url.clone(), true).await?;
+    let mut sender = get_http_sender(context, parsed_url.clone()).await?;
     let authority = parsed_url
         .authority()
         .context("URL has no authority")?
@@ -470,7 +449,7 @@ pub(crate) async fn post_form<T: Serialize + ?Sized>(
     }
 
     let encoded_body = serde_urlencoded::to_string(form).context("Failed to encode data")?;
-    let mut sender = get_http_sender(context, parsed_url.clone(), true).await?;
+    let mut sender = get_http_sender(context, parsed_url.clone()).await?;
     let authority = parsed_url
         .authority()
         .context("URL has no authority")?

src/net/tls.rs

@@ -126,12 +126,9 @@ pub async fn wrap_rustls<'a>(
     let root_cert_store =
         rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
 
-    let mut config = rustls::ClientConfig::builder_with_provider(Arc::new(
-        rustls::crypto::aws_lc_rs::default_provider(),
-    ))
-    .with_safe_default_protocol_versions()?
-    .with_root_certificates(root_cert_store)
-    .with_no_client_auth();
+    let mut config = rustls::ClientConfig::builder()
+        .with_root_certificates(root_cert_store)
+        .with_no_client_auth();
     config.alpn_protocols = if alpn.is_empty() {
         vec![]
     } else {

src/net/tls/danger.rs

@@ -51,7 +51,7 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
 
         let spki = parsed_certificate.subject_public_key_info();
 
-        let provider = rustls::crypto::aws_lc_rs::default_provider();
+        let provider = rustls::crypto::ring::default_provider();
 
         if let ServerName::DnsName(dns_name) = server_name
             && dns_name.as_ref().starts_with("_")
@@ -97,7 +97,7 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
         cert: &CertificateDer<'_>,
         dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::aws_lc_rs::default_provider();
+        let provider = rustls::crypto::ring::default_provider();
         let supported_schemes = &provider.signature_verification_algorithms;
         rustls::crypto::verify_tls12_signature(message, cert, dss, supported_schemes)
     }
@@ -108,13 +108,13 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
         cert: &CertificateDer<'_>,
         dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::aws_lc_rs::default_provider();
+        let provider = rustls::crypto::ring::default_provider();
         let supported_schemes = &provider.signature_verification_algorithms;
         rustls::crypto::verify_tls13_signature(message, cert, dss, supported_schemes)
     }
 
     fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-        let provider = rustls::crypto::aws_lc_rs::default_provider();
+        let provider = rustls::crypto::ring::default_provider();
         provider
             .signature_verification_algorithms
             .supported_schemes()

src/receive_imf.rs

@@ -3790,17 +3790,13 @@ async fn apply_out_broadcast_changes(
         } else if from_id == ContactId::SELF
             && let Some(removed_id) = removed_id
         {
-            if chat::remove_from_chat_contacts_table_without_trace(context, chat.id, removed_id)
-                .await?
-            {
-                better_msg.get_or_insert(
-                    stock_str::msg_del_member_local(context, removed_id, ContactId::SELF).await,
-                );
-                added_removed_id = Some(removed_id);
-            } else {
-                info!(context, "No-op broadcast member removal message (TRASH).");
-                better_msg = Some("".to_string());
-            }
+            chat::remove_from_chat_contacts_table_without_trace(context, chat.id, removed_id)
+                .await?;
+
+            better_msg.get_or_insert(
+                stock_str::msg_del_member_local(context, removed_id, ContactId::SELF).await,
+            );
+            added_removed_id = Some(removed_id);
         }
     }
 
@@ -3874,20 +3870,17 @@ async fn apply_in_broadcast_changes(
         }
         chat::delete_broadcast_secret(context, chat.id).await?;
 
-        let removed =
-            chat::remove_from_chat_contacts_table_without_trace(context, chat.id, ContactId::SELF)
-                .await?;
-        if !removed {
-            info!(context, "No-op broadcast SELF-removal message (TRASH).");
-            better_msg = Some("".to_string());
-        } else if from_id == ContactId::SELF {
+        if from_id == ContactId::SELF {
             better_msg.get_or_insert(stock_str::msg_you_left_broadcast(context));
         } else {
             better_msg.get_or_insert(
                 stock_str::msg_del_member_local(context, ContactId::SELF, from_id).await,
             );
         }
-        send_event_chat_modified |= removed;
+
+        chat::remove_from_chat_contacts_table_without_trace(context, chat.id, ContactId::SELF)
+            .await?;
+        send_event_chat_modified = true;
     } else if !chat.is_self_in_chat(context).await? {
         chat::add_to_chat_contacts_table(
             context,

src/scheduler/connectivity.rs

@@ -421,7 +421,7 @@ impl Context {
                     // If not supported by the provider,
                     // just skip the "quota" section.
                     if !matches!(e, crate::quota::Error::NotSupportedByProvider) {
-                        ret += &escaper::encode_minimal(&e.to_string());
+                        ret += &format!("Quota: {}", &*escaper::encode_minimal(&e.to_string()));
                     }
                 }
                 Ok(quota) => {

src/sql/migrations.rs

@@ -2346,7 +2346,7 @@ ALTER TABLE contacts ADD COLUMN name_normalized TEXT;
                     transaction.execute(
                         "UPDATE transports
                          SET entered_param=json_set(entered_param, '$.imap.folder', ?1),
-                             configured_param=json_set(configured_param, '$.imap_folder', ?1)",
+                             configured_param=json_set(configured_param', '$.imap_folder', ?1)",
                         (mvbox_folder,),
                     )?;
                 }

src/stats.rs

@@ -18,7 +18,7 @@ use crate::config::Config;
 use crate::constants::{Chattype, DC_VERSION_STR};
 use crate::contact::{Contact, ContactId, Origin, import_vcard, mark_contact_id_as_verified};
 use crate::context::Context;
-use crate::key::{DcKey, load_self_public_key};
+use crate::key::load_self_public_keyring;
 use crate::log::LogExt;
 use crate::message::{Message, Viewtype};
 use crate::securejoin::QrInvite;
@@ -33,14 +33,7 @@ const MESSAGE_STATS_UPDATE_INTERVAL_SECONDS: i64 = 4 * 60; // 4 minutes (less th
 #[derive(Serialize)]
 struct Statistics {
     core_version: String,
-    number_of_transports: usize,
     key_create_timestamps: Vec<u32>,
-    number_of_keys: u32,
-    /// OpenPGP version of the key.
-    key_version: u8,
-    key_algorithm: String,
-    /// Size of the public key in bytes (encoded in binary, not base64).
-    pubkey_size: usize,
     stats_id: String,
     is_chatmail: bool,
     contact_stats: Vec<ContactStat>,
@@ -352,15 +345,11 @@ async fn get_stats(context: &Context) -> Result<String> {
         .get_config_u32(Config::StatsLastOldContactId)
         .await?;
 
-    let self_public_key = load_self_public_key(context).await?;
-    // `key_create_timestamps` is a `Vec` for historical reasons,
-    // support for using multiple keys is being phased out.
-    let key_create_timestamps: Vec<u32> = vec![self_public_key.created_at().as_secs()];
-    let number_of_keys: u32 = context
-        .sql
-        .query_get_value("SELECT COUNT(*) FROM keypairs", ())
+    let key_create_timestamps: Vec<u32> = load_self_public_keyring(context)
         .await?
-        .unwrap_or(0);
+        .iter()
+        .map(|k| k.created_at().as_secs())
+        .collect();
 
     let sending_enabled_timestamps =
         get_timestamps(context, "stats_sending_enabled_events").await?;
@@ -369,12 +358,7 @@ async fn get_stats(context: &Context) -> Result<String> {
 
     let stats = Statistics {
         core_version: DC_VERSION_STR.to_string(),
-        number_of_transports: context.count_transports().await?,
         key_create_timestamps,
-        number_of_keys,
-        key_version: self_public_key.primary_key.version().into(),
-        key_algorithm: format!("{:?}", self_public_key.algorithm()),
-        pubkey_size: DcKey::to_bytes(&self_public_key).len(),
         stats_id: stats_id(context).await?,
         is_chatmail: context.is_chatmail().await?,
         contact_stats: get_contact_stats(context, last_old_contact).await?,

src/stats/stats_tests.rs

@@ -595,33 +595,3 @@ async fn test_stats_enable_disable_timestamps() -> Result<()> {
 
     Ok(())
 }
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_cryptography_stats() -> Result<()> {
-    let alice = &TestContext::new_alice().await;
-    let stats = get_stats(alice).await.unwrap();
-    let stats: serde_json::Value = serde_json::from_str(&stats)?;
-
-    let number_of_transports: u64 = stats.get("number_of_transports").unwrap().as_u64().unwrap();
-    assert_eq!(number_of_transports, 1);
-
-    let key_version = stats.get("key_version").unwrap().as_u64().unwrap();
-    // Alice's key is v4
-    assert_eq!(key_version, 4);
-
-    let key_algorithm = stats.get("key_algorithm").unwrap().as_str().unwrap();
-    assert_eq!(key_algorithm, "EdDSALegacy");
-
-    let pubkey_size = stats.get("pubkey_size").unwrap().as_u64().unwrap();
-    assert_eq!(pubkey_size, 583);
-
-    crate::transport::add_pseudo_transport(alice, "alice@ten.testrun.org").await?;
-
-    let stats = get_stats(alice).await.unwrap();
-    let stats: serde_json::Value = serde_json::from_str(&stats)?;
-
-    let number_of_transports: u64 = stats.get("number_of_transports").unwrap().as_u64().unwrap();
-    assert_eq!(number_of_transports, 2);
-
-    Ok(())
-}

src/test_utils.rs

@@ -38,7 +38,7 @@ use crate::events::{Event, EventEmitter, EventType, Events};
 use crate::key::{self, DcKey, self_fingerprint};
 use crate::log::warn;
 use crate::login_param::EnteredLoginParam;
-use crate::message::{Message, MessageState, MsgId};
+use crate::message::{Message, MessageState, MsgId, update_msg_state};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::pgp::SeipdVersion;
 use crate::receive_imf::{ReceivedMsg, receive_imf};
@@ -692,11 +692,10 @@ ORDER BY id"
         if !msg_has_pending_smtp_job(self, msg_id)
             .await
             .expect("Failed to check for more jobs")
-            && msg_id
-                .set_delivered(self)
-                .await
-                .expect("MsgId::set_delivered")
         {
+            update_msg_state(&self.ctx, msg_id, MessageState::OutDelivered)
+                .await
+                .expect("failed to update message state");
             self.sql
                 .execute(
                     "UPDATE msgs SET timestamp_sent=? WHERE id=?",
@@ -773,19 +772,16 @@ ORDER BY id"
             .execute("DELETE FROM smtp WHERE msg_id=?", (msg_id,))
             .await
             .expect("Delete smtp jobs");
-        if msg_id
-            .set_delivered(self)
+        update_msg_state(&self.ctx, msg_id, MessageState::OutDelivered)
             .await
-            .expect("MsgId::set_delivered")
-        {
-            self.sql
-                .execute(
-                    "UPDATE msgs SET timestamp_sent=? WHERE id=?",
-                    (time(), msg_id),
-                )
-                .await
-                .expect("Update timestamp_sent");
-        }
+            .expect("Update message state");
+        self.sql
+            .execute(
+                "UPDATE msgs SET timestamp_sent=? WHERE id=?",
+                (time(), msg_id),
+            )
+            .await
+            .expect("Update timestamp_sent");
         sent_msgs
     }
 

src/tools/tools_tests.rs

@@ -41,7 +41,6 @@ async fn test_parse_receive_headers_integration() {
     let raw = include_bytes!("../../test-data/message/mail_with_cc.txt");
     let expected = r"State: Fresh
 
-Database ID: X
 Message-ID: 2dfdbde7@example.org
 
 Hop: From: localhost; By: hq5.merlinux.eu; Date: Sat, 14 Sep 2019 17:00:22 +0000
@@ -51,7 +50,6 @@ Hop: From: hq5.merlinux.eu; By: hq5.merlinux.eu; Date: Sat, 14 Sep 2019 17:00:25
     let raw = include_bytes!("../../test-data/message/encrypted_with_received_headers.eml");
     let expected = "State: Fresh, Encrypted
 
-Database ID: X
 Message-ID: Mr.adQpEwndXLH.LPDdlFVJ7wG@example.net
 
 Hop: From: [127.0.0.1]; By: mail.example.org; Date: Mon, 27 Dec 2021 11:21:21 +0000
@@ -73,10 +71,7 @@ async fn check_parse_receive_headers_integration(raw: &[u8], expected: &str) {
     // received time that depends on the test time which makes it impossible to
     // compare with a static string
     let capped_result = &msg_info[msg_info.find("State").unwrap()..];
-    assert_eq!(
-        expected.replace("\nDatabase ID: X", &format!("\nDatabase ID: {msg_id}")),
-        capped_result
-    );
+    assert_eq!(expected, capped_result);
 }
 
 #[test]

src/transport.rs

@@ -252,11 +252,7 @@ impl fmt::Display for ConfiguredLoginParam {
             write!(f, "{imap}")?;
             first = false;
         }
-        write!(f, "]")?;
-        if let Some(folder) = &self.imap_folder {
-            write!(f, " folder:{folder:?}")?;
-        }
-        write!(f, " smtp:[")?;
+        write!(f, "] smtp:[")?;
         let mut first = true;
         for smtp in &self.smtp {
             if !first {

src/transport/transport_tests.rs

@@ -34,7 +34,7 @@ async fn test_save_load_login_param() -> Result<()> {
             },
             user: "alice".to_string(),
         }],
-        imap_folder: Some("Folder".to_string()),
+        imap_folder: None,
         imap_user: "".to_string(),
         imap_password: "foo".to_string(),
         smtp: vec![ConfiguredServerLoginParam {
@@ -56,7 +56,7 @@ async fn test_save_load_login_param() -> Result<()> {
         .clone()
         .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
         .await?;
-    let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_folder":"Folder","imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
+    let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
     assert_eq!(
         t.sql
             .query_get_value::<String>("SELECT configured_param FROM transports", ())
@@ -68,14 +68,6 @@ async fn test_save_load_login_param() -> Result<()> {
     let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
     assert_eq!(param, loaded);
 
-    let formatted = format!(" {loaded}");
-    assert!(formatted.contains(" ***@example.org"));
-    assert!(formatted.contains(" imap:[imap.example.com:123:starttls]"));
-    assert!(formatted.contains(" folder:\"Folder\""));
-    assert!(formatted.contains(" smtp:[smtp.example.com:456:tls]"));
-    assert!(formatted.contains(" provider:none"));
-    assert!(formatted.contains(" cert_strict"));
-
     // Legacy ConfiguredImapCertificateChecks config is ignored
     t.set_config(Config::ConfiguredImapCertificateChecks, Some("999"))
         .await?;

test-data/message/hp_legacy_display.eml

@@ -1,63 +0,0 @@
-Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
-	boundary="18b255ee53144064_9da6abff99cb33df_3854fea559a18923"
-MIME-Version: 1.0
-From: <alice@example.org>
-To: "hidden-recipients": ;
-Subject: [...]
-Date: Fri, 22 May 2026 22:48:16 +0000
-Message-ID: <3a5ae0d2-be4b-4463-8011-ab4a354ee690@localhost>
-Chat-Version: 1.0
-
-
---18b255ee53144064_9da6abff99cb33df_3854fea559a18923
-Content-Type: application/pgp-encrypted; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-
-Version: 1
-
---18b255ee53144064_9da6abff99cb33df_3854fea559a18923
-Content-Type: application/octet-stream; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-
------BEGIN PGP MESSAGE-----
-
-wUcGABIBB0BNBleU/G9GwCpizow72+5GANtiX+F7y/gI45x7MJLpFiBi+7OqwdFk
-dmINorerXmnk1jR7TEppDYhjCBRWaCXHJsHARQYAAQf/Zj43ZUA3rtGS6Nq9vUcc
-0L6knU0ukLc3KGTExQXu4ktiPT0RIjQ11wtSGlS75Bj7tu3syDf2/oQXi7eUh35T
-IULpBQ5Pnpk6h26GX9WbRYR5zmBNnlyppqJcaYueQzPX1gvybJ4cwfOmnMdUqzFr
-D9BR/YeyrBETsGKR+UfH167xgGY8d0ev8Tt4X01muiyrwLVqfoGCRUwjQFUY+ClY
-9yuCrNDnu8fHY/WRTKXoDkA8Qn9/6TdJM7G41wOaJYbWn4R8WqjqoQNdUYwL2cBg
-Pj1SNgaTaLMMH8YEtlRUN3JHiiqaBVIJIKBduOXnVEovf8FVXlmqX8DARLvqFCk2
-LdLEjQIHAgdxw8asmmKOpatAEwFHuVwkWe/ZbRhu3D1V38BzZEuSLHzQ/nWbWWVP
-GRmcZPmpusvRGX5W4zC6ybr5jePkW1dEqpgFFeoywz5REQxnl2QDPMHbWRFmC+q5
-FSA/zacYGIKmU761xWc1raaosN4uzf8ujJA8H+TQT4AKu4K2nzSMFpUl05sNToGN
-FdCNAvsnM9/PAraE3pju6YK+l4Woo/MLVEkrDEcLYEC/TrbNCJ6cnx/3uU+9gZyp
-ntXzwOJIIQ5el2qcSQuzec931Lr4UuX4k0FUKeLS24EiYid4K59iPHgKJn6E7grb
-34bxbQXkIMug0nTBKuAOTv7MFF4/rzn5deAUXpKty5zYLjqGApo4o5nnEvY9inXP
-3489C77lCTLuXgkASrYhqTZcFT6ewaLNJxKRQgLB/V8BY4DrckA/If31z57EK2Ju
-5kXpUfZKw/qjnHELLLSmYqx0Sd6w37d0x4LxHIjnpBEmsjWagM9fhiBJyaitNfCz
-hBEUAQoO2DlqrZMwAhKxADH8WUbXOhgXcj68NM185A+/UzMbbdV0cmLKynH3tlLX
-d16ZyriiRcllSuISXYLTsUwlQeA0zIyuYItzk7bGkw/2k4AmxFAFZjZPvaHOrt98
-BapEkxYp8wyhXdloknJ687E5Oa4UTsMKzRTrXRiPhVNstYcYnde4fZs0cUX0JJqE
-bZrR+T8biflfGWidc0D0cSd2rx6RryvykFBzvZJH4zqNaHap3w5F0miZWfrePQ8Y
-ljPCb162x3SAHc5RzhHH7tq4YatWlnncSAuGkZA7XMqBgFbIRdY2z+Hv5AQLj563
-OHD0Dc0pXUZYcHVdJnY4svuiekjEYLaGzjklULBsQo4KQXb8i3SufS8JUwypwAT1
-BzMWYQrT6cv3IQHtF9Yys6Z3ngYs9UoCIyqPHYFZYV8Y64injpBFtiY6kd0zvm/3
-5D5c0DcmI6kq0LNNNzZg5F0oMoDvyny1pI5/IGxS1H3OyBNJlNZkftMadyvDydY7
-khCjWzB9mTStrmeYVqJof/NyfMWJMa0NtJrqW+730FYnld95cGzf3gnRsTYd/CgD
-vXVcj5F2/fxsDUekmMMAYBB3DCBv0yCJJfqaTgQKcwngOL0+kuGVnjT8qfjf0FQR
-yzImEPJFTQFe+mpRALBoMSDRpzja6ZkU/AIOTT/xy1ZkfpLU/TpNk7XS6InsIjdH
-wBzfPvDUV7hHWwgILE+DTlebZVEuVBuoKTM72paMomYzskTkCGnIkTxioA1SyJxJ
-eOsSlNC30Le6rcbvz+kl+H7cW2RGZuCUub/UtCMlcdjlzEVAjwXgQZgys2mAwLPx
-n61I6rO+eEphXr5F/S6/0NwomR/02FY5AmqeViKC0G6/bDJOO374vU3bix28xqeB
-yYYeO+ZymhjqA7tLTEjrkrCh0vo1WoKSAWbhVqM9YUzAeusqyndZ2uLbTgCEayER
-MviI27DrXTDpExV9qLyELpo0z18kwoFScJ5ULXDN4lpwfsCeg3ThvBJD86V+4faT
-4neKUwzasjYvuzKqSRV4j89I5Bs1g8ERaQr3VZ4BnyjKxQ91eLsMDD+LMx2QW2lB
-HPUTWc4qmSAItogwZRxGUj+dASjcuGwqVhabUxWpxPsVGdOp6D3au1M3k7EuvLLa
-NmnDDyNRSU8d7Mc/Tp9swfPKd2ItI4cREXTpyu53ayzSD5/7LaDtpHUASdaDLgDv
-2evlUTBRk2a8+trbhE0oy8zzRdbgiNrwcegGM+y5BYCdV5Gooerk4g8pnULtKT1R
-VgWMKvXvFduvQsfXW+PKChw=
-=EBeW
------END PGP MESSAGE-----
-
---18b255ee53144064_9da6abff99cb33df_3854fea559a18923--