feat: custom TLS certificate verification

Bumps [quote](https://github.com/dtolnay/quote) from 1.0.44 to 1.0.45.
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.44...1.0.45)

---
updated-dependencies:
- dependency-name: quote
  dependency-version: 1.0.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Cargo.lock

@@ -827,9 +827,9 @@ dependencies = [
 
 [[package]]
 name = "chrono"
-version = "0.4.43"
+version = "0.4.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
+checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
 dependencies = [
  "iana-time-zone",
  "num-traits",
@@ -2654,7 +2654,7 @@ dependencies = [
  "hyper",
  "libc",
  "pin-project-lite",
- "socket2 0.6.0",
+ "socket2 0.5.9",
  "tokio",
  "tower-service",
  "tracing",
@@ -3260,9 +3260,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.182"
+version = "0.2.184"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112"
+checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af"
 
 [[package]]
 name = "libm"
@@ -4235,18 +4235,18 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.1.10"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "677f1add503faace112b9f1373e43e9e054bfdd22ff1a63c1bc485eaec6a6a8a"
+checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.1.10"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861"
+checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4729,9 +4729,9 @@ dependencies = [
 
 [[package]]
 name = "quote"
-version = "1.0.44"
+version = "1.0.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4"
+checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
 dependencies = [
  "proc-macro2",
 ]
@@ -5988,9 +5988,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
 
 [[package]]
 name = "tempfile"
-version = "3.26.0"
+version = "3.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82a72c767771b47409d2345987fda8628641887d5466101319899796367354a0"
+checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
 dependencies = [
  "fastrand",
  "getrandom 0.3.3",
@@ -6144,9 +6144,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.49.0"
+version = "1.50.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86"
+checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d"
 dependencies = [
  "bytes",
  "libc",
@@ -6403,9 +6403,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.22"
+version = "0.3.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
+checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
 dependencies = [
  "matchers",
  "nu-ansi-term",

Cargo.toml

@@ -181,7 +181,7 @@ harness = false
 anyhow = "1"
 async-channel = "2.5.0"
 base64 = "0.22"
-chrono = { version = "0.4.43", default-features = false }
+chrono = { version = "0.4.44", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
@@ -198,7 +198,7 @@ rusqlite = "0.37"
 sanitize-filename = "0.6"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.25.0"
+tempfile = "3.27.0"
 thiserror = "2"
 tokio = "1"
 tokio-util = "0.7.18"

deltachat-ffi/deltachat.h

@@ -364,18 +364,14 @@ uint32_t        dc_get_id                    (dc_context_t* context);
  * To get these events, you have to create an event emitter using this function
  * and call dc_get_next_event() on the emitter.
  *
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
+ *
  * @memberof dc_context_t
  * @param context The context object as created by dc_context_new().
  * @return Returns the event emitter, NULL on errors.
  *     Must be freed using dc_event_emitter_unref() after usage.
- *
- * Note: Use only one event emitter per context.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * may or may not be available to event emitter.
  */
 dc_event_emitter_t* dc_get_event_emitter(dc_context_t* context);
 
@@ -3323,18 +3319,14 @@ void           dc_accounts_set_push_device_token (dc_accounts_t* accounts, const
  * This is similar to dc_get_event_emitter(), which, however,
  * must not be called for accounts handled by the account manager.
  *
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
+ *
  * @memberof dc_accounts_t
  * @param accounts The account manager as created by dc_accounts_new().
  * @return Returns the event emitter, NULL on errors.
  *     Must be freed using dc_event_emitter_unref() after usage.
- *
- * Note: Use only one event emitter per account manager.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
  */
 dc_event_emitter_t* dc_accounts_get_event_emitter (dc_accounts_t* accounts);
 
@@ -5979,21 +5971,14 @@ void dc_event_channel_unref(dc_event_channel_t* event_channel);
  * To get these events, you have to create an event emitter using this function
  * and call dc_get_next_event() on the emitter.
  *
- * This is similar to dc_get_event_emitter(), which, however,
- * must not be called for accounts handled by the account manager.
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
  * 
  * @memberof dc_event_channel_t
  * @param The event channel.
  * @return Returns the event emitter, NULL on errors.
  *     Must be freed using dc_event_emitter_unref() after usage.
- * 
- * Note: Use only one event emitter per account manager / event channel.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
  */
 dc_event_emitter_t* dc_event_channel_get_event_emitter(dc_event_channel_t* event_channel);
 

src/context.rs

@@ -25,7 +25,7 @@ use crate::key::self_fingerprint;
 use crate::log::warn;
 use crate::logged_debug_assert;
 use crate::message::{self, MessageState, MsgId};
-use crate::net::tls::TlsSessionStore;
+use crate::net::tls::{SpkiHashStore, TlsSessionStore};
 use crate::peer_channels::Iroh;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
@@ -308,6 +308,13 @@ pub struct InnerContext {
     /// TLS session resumption cache.
     pub(crate) tls_session_store: TlsSessionStore,
 
+    /// Store for TLS SPKI hashes.
+    ///
+    /// Used to remember public keys
+    /// of TLS certificates to accept them
+    /// even after they expire.
+    pub(crate) spki_hash_store: SpkiHashStore,
+
     /// Iroh for realtime peer channels.
     pub(crate) iroh: Arc<RwLock<Option<Iroh>>>,
 
@@ -511,6 +518,7 @@ impl Context {
             push_subscriber,
             push_subscribed: AtomicBool::new(false),
             tls_session_store: TlsSessionStore::new(),
+            spki_hash_store: SpkiHashStore::new(),
             iroh: Arc::new(RwLock::new(None)),
             self_fingerprint: OnceLock::new(),
             self_public_key: Mutex::new(None),

src/imap/client.rs

@@ -220,6 +220,8 @@ impl Client {
             alpn(addr.port()),
             logging_stream,
             &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
         )
         .await?;
         let buffered_stream = BufWriter::new(tls_stream);
@@ -282,6 +284,8 @@ impl Client {
             "",
             tcp_stream,
             &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
         )
         .await
         .context("STARTTLS upgrade failed")?;
@@ -310,6 +314,8 @@ impl Client {
             alpn(port),
             proxy_stream,
             &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
         )
         .await?;
         let buffered_stream = BufWriter::new(tls_stream);
@@ -373,6 +379,8 @@ impl Client {
             "",
             proxy_stream,
             &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
         )
         .await
         .context("STARTTLS upgrade failed")?;

src/mimeparser.rs

@@ -373,7 +373,7 @@ impl MimeMessage {
         hop_info += "\n\n";
         hop_info += &dkim_results.to_string();
 
-        let incoming = !context.is_self_addr(&from.addr).await?;
+        let from_is_not_self_addr = !context.is_self_addr(&from.addr).await?;
 
         let mut aheader_values = mail.headers.get_all_values(HeaderDef::Autocrypt.into());
 
@@ -438,7 +438,7 @@ impl MimeMessage {
         };
 
         let mut autocrypt_header = None;
-        if incoming {
+        if from_is_not_self_addr {
             // See `get_all_addresses_from_header()` for why we take the last valid header.
             for val in aheader_values.iter().rev() {
                 autocrypt_header = match Aheader::from_str(val) {
@@ -469,7 +469,7 @@ impl MimeMessage {
             None
         };
 
-        let mut public_keyring = if incoming {
+        let mut public_keyring = if from_is_not_self_addr {
             if let Some(autocrypt_header) = autocrypt_header {
                 vec![autocrypt_header.public_key]
             } else {
@@ -654,6 +654,15 @@ impl MimeMessage {
             .into_iter()
             .last()
             .map(|(fp, recipient_fps)| (fp, recipient_fps.into_iter().collect::<HashSet<_>>()));
+
+        let incoming = if let Some((ref sig_fp, _)) = signature {
+            sig_fp.hex() != key::self_fingerprint(context).await?
+        } else {
+            // rare case of getting a cleartext message
+            // so we determine 'incoming' flag by From-address
+            from_is_not_self_addr
+        };
+
         let mut parser = MimeMessage {
             parts: Vec::new(),
             headers,

src/net.rs

@@ -12,7 +12,7 @@ use tokio_io_timeout::TimeoutStream;
 
 use crate::context::Context;
 use crate::net::session::SessionStream;
-use crate::net::tls::TlsSessionStore;
+use crate::net::tls::{SpkiHashStore, TlsSessionStore};
 use crate::sql::Sql;
 use crate::tools::time;
 
@@ -130,6 +130,8 @@ pub(crate) async fn connect_tls_inner(
     strict_tls: bool,
     alpn: &str,
     tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'static> {
     let use_sni = true;
     let tcp_stream = connect_tcp_inner(addr).await?;
@@ -141,6 +143,8 @@ pub(crate) async fn connect_tls_inner(
         alpn,
         tcp_stream,
         tls_session_store,
+        spki_hash_store,
+        sql,
     )
     .await?;
     Ok(tls_stream)

src/net/http.rs

@@ -87,6 +87,8 @@ where
                     "",
                     proxy_stream,
                     &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                 )
                 .await?;
                 Box::new(tls_stream)
@@ -99,6 +101,8 @@ where
                     "",
                     tcp_stream,
                     &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                 )
                 .await?;
                 Box::new(tls_stream)

src/net/proxy.rs

@@ -439,6 +439,8 @@ impl ProxyConfig {
                     "",
                     tcp_stream,
                     &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                 )
                 .await?;
                 let auth = if let Some((username, password)) = &https_config.user_password {

src/net/tls.rs

@@ -6,13 +6,19 @@ use std::sync::Arc;
 use anyhow::Result;
 
 use crate::net::session::SessionStream;
+use crate::sql::Sql;
 
 use tokio_rustls::rustls;
 use tokio_rustls::rustls::client::ClientSessionStore;
+use tokio_rustls::rustls::server::ParsedCertificate;
 
 mod danger;
-use danger::NoCertificateVerification;
+use danger::CustomCertificateVerifier;
 
+mod spki;
+pub use spki::SpkiHashStore;
+
+#[expect(clippy::too_many_arguments)]
 pub async fn wrap_tls<'a>(
     strict_tls: bool,
     hostname: &str,
@@ -21,10 +27,21 @@ pub async fn wrap_tls<'a>(
     alpn: &str,
     stream: impl SessionStream + 'static,
     tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'a> {
     if strict_tls {
-        let tls_stream =
-            wrap_rustls(hostname, port, use_sni, alpn, stream, tls_session_store).await?;
+        let tls_stream = wrap_rustls(
+            hostname,
+            port,
+            use_sni,
+            alpn,
+            stream,
+            tls_session_store,
+            spki_hash_store,
+            sql,
+        )
+        .await?;
         let boxed_stream: Box<dyn SessionStream> = Box::new(tls_stream);
         Ok(boxed_stream)
     } else {
@@ -94,6 +111,7 @@ impl TlsSessionStore {
     }
 }
 
+#[expect(clippy::too_many_arguments)]
 pub async fn wrap_rustls<'a>(
     hostname: &str,
     port: u16,
@@ -101,6 +119,8 @@ pub async fn wrap_rustls<'a>(
     alpn: &str,
     stream: impl SessionStream + 'a,
     tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'a> {
     let mut root_cert_store = rustls::RootCertStore::empty();
     root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
@@ -127,20 +147,27 @@ pub async fn wrap_rustls<'a>(
     config.resumption = resumption;
     config.enable_sni = use_sni;
 
-    // Do not verify certificates for hostnames starting with `_`.
-    // They are used for servers with self-signed certificates, e.g. for local testing.
-    // Hostnames starting with `_` can have only self-signed TLS certificates or wildcard certificates.
-    // It is not possible to get valid non-wildcard TLS certificates because CA/Browser Forum requirements
-    // explicitly state that domains should start with a letter, digit or hyphen:
-    // https://github.com/cabforum/servercert/blob/24f38fd4765e019db8bb1a8c56bf63c7115ce0b0/docs/BR.md
-    if hostname.starts_with("_") {
-        config
-            .dangerous()
-            .set_certificate_verifier(Arc::new(NoCertificateVerification::new()));
-    }
+    config
+        .dangerous()
+        .set_certificate_verifier(Arc::new(CustomCertificateVerifier::new(
+            spki_hash_store.get_spki_hash(hostname, sql).await?,
+        )));
 
     let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
     let name = tokio_rustls::rustls::pki_types::ServerName::try_from(hostname)?.to_owned();
     let tls_stream = tls.connect(name, stream).await?;
+
+    // Successfully connected.
+    // Remember SPKI hash to accept it later if certificate expires.
+    let (_io, client_connection) = tls_stream.get_ref();
+    if let Some(end_entity) = client_connection
+        .peer_certificates()
+        .and_then(|certs| certs.first())
+    {
+        let parsed_certificate = ParsedCertificate::try_from(end_entity)?;
+        let spki = parsed_certificate.subject_public_key_info();
+        spki_hash_store.save_spki(hostname, &spki, sql).await?;
+    }
+
     Ok(tls_stream)
 }

src/net/tls/danger.rs

@@ -1,26 +1,85 @@
-//! Dangerous TLS implementation of accepting invalid certificates for Rustls.
+//! Custom TLS verification.
+//!
+//! We want to accept expired certificates.
 
+use rustls::RootCertStore;
+use rustls::client::{verify_server_cert_signed_by_trust_anchor, verify_server_name};
 use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
+use rustls::server::ParsedCertificate;
 use tokio_rustls::rustls;
 
-#[derive(Debug)]
-pub(super) struct NoCertificateVerification();
+use crate::net::tls::spki::spki_hash;
 
-impl NoCertificateVerification {
-    pub(super) fn new() -> Self {
-        Self()
+#[derive(Debug)]
+pub(super) struct CustomCertificateVerifier {
+    /// Root certificates.
+    root_cert_store: RootCertStore,
+
+    /// Expected SPKI hash as a base64 of SHA-256.
+    spki_hash: Option<String>,
+}
+
+impl CustomCertificateVerifier {
+    pub(super) fn new(spki_hash: Option<String>) -> Self {
+        let mut root_cert_store = rustls::RootCertStore::empty();
+        root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+        Self {
+            root_cert_store,
+            spki_hash,
+        }
     }
 }
 
-impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
+impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
     fn verify_server_cert(
         &self,
-        _end_entity: &CertificateDer<'_>,
-        _intermediates: &[CertificateDer<'_>],
-        _server_name: &ServerName<'_>,
+        end_entity: &CertificateDer<'_>,
+        intermediates: &[CertificateDer<'_>],
+        server_name: &ServerName<'_>,
         _ocsp_response: &[u8],
-        _now: UnixTime,
+        now: UnixTime,
     ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
+        let parsed_certificate = ParsedCertificate::try_from(end_entity)?;
+
+        let spki = parsed_certificate.subject_public_key_info();
+
+        let provider = rustls::crypto::ring::default_provider();
+
+        if let ServerName::DnsName(dns_name) = server_name
+            && dns_name.as_ref().starts_with("_")
+        {
+            // Do not verify certificates for hostnames starting with `_`.
+            // They are used for servers with self-signed certificates, e.g. for local testing.
+            // Hostnames starting with `_` can have only self-signed TLS certificates or wildcard certificates.
+            // It is not possible to get valid non-wildcard TLS certificates because CA/Browser Forum requirements
+            // explicitly state that domains should start with a letter, digit or hyphen:
+            // https://github.com/cabforum/servercert/blob/24f38fd4765e019db8bb1a8c56bf63c7115ce0b0/docs/BR.md
+        } else if let Some(hash) = &self.spki_hash
+            && spki_hash(&spki) == *hash
+        {
+            // Last time we successfully connected to this hostname with TLS checks,
+            // SPKI had this hash.
+            // It does not matter if certificate has now expired.
+        } else {
+            // verify_server_cert_signed_by_trust_anchor does no revocation checking:
+            // <https://docs.rs/rustls/0.23.37/rustls/client/fn.verify_server_cert_signed_by_trust_anchor.html>
+            // We don't do it either.
+            verify_server_cert_signed_by_trust_anchor(
+                &parsed_certificate,
+                &self.root_cert_store,
+                intermediates,
+                now,
+                provider.signature_verification_algorithms.all,
+            )?;
+        }
+
+        // Verify server name unconditionally.
+        //
+        // We do this even for self-signed certificates when hostname starts with `_`
+        // so we don't try to connect to captive portals
+        // and fail on MITM certificates if they are generated once
+        // and reused for all hostnames.
+        verify_server_name(&parsed_certificate, server_name)?;
         Ok(rustls::client::danger::ServerCertVerified::assertion())
     }
 

src/net/tls/spki.rs

@@ -0,0 +1,92 @@
+//! SPKI hash storage.
+//!
+//! We store hashes of Subject Public Key Info from TLS certificates
+//! after successful connection to allow connecting when
+//! server certificate expires as long as the key is not changed.
+
+use std::collections::BTreeMap;
+
+use anyhow::Result;
+use base64::Engine as _;
+use parking_lot::RwLock;
+use sha2::{Digest, Sha256};
+use tokio_rustls::rustls::pki_types::SubjectPublicKeyInfoDer;
+
+use crate::sql::Sql;
+
+/// Calculates Subject Public Key Info SHA-256 hash and returns it as base64.
+///
+/// This is the same format as used in <https://www.rfc-editor.org/rfc/rfc7469>.
+/// You can calculate the same hash for any remote host with
+/// ```sh
+/// openssl s_client -connect "$HOST:993" -servername "$HOST" </dev/null 2>/dev/null |
+/// openssl x509 -pubkey -noout |
+/// openssl pkey -pubin -outform der |
+/// openssl dgst -sha256 -binary |
+/// openssl enc -base64
+/// ```
+pub fn spki_hash(spki: &SubjectPublicKeyInfoDer) -> String {
+    let spki_hash = Sha256::digest(spki);
+    base64::engine::general_purpose::STANDARD.encode(spki_hash)
+}
+
+/// Write-through cache for SPKI hashes.
+#[derive(Debug)]
+pub struct SpkiHashStore {
+    /// Map from hostnames to base64 of SHA-256 hashes.
+    pub hash_store: RwLock<BTreeMap<String, String>>,
+}
+
+impl SpkiHashStore {
+    pub fn new() -> Self {
+        Self {
+            hash_store: RwLock::new(BTreeMap::new()),
+        }
+    }
+
+    /// Returns base64 of SPKI hash if we have previously successfully connected to given hostname.
+    pub async fn get_spki_hash(&self, hostname: &str, sql: &Sql) -> Result<Option<String>> {
+        if let Some(hash) = self.hash_store.read().get(hostname).cloned() {
+            return Ok(Some(hash));
+        }
+
+        match sql
+            .query_row_optional(
+                "SELECT spki_hash FROM tls_spki WHERE host=?",
+                (hostname,),
+                |row| {
+                    let spki_hash: String = row.get(0)?;
+                    Ok(spki_hash)
+                },
+            )
+            .await?
+        {
+            Some(hash) => {
+                self.hash_store
+                    .write()
+                    .insert(hostname.to_string(), hash.clone());
+                Ok(Some(hash))
+            }
+            None => Ok(None),
+        }
+    }
+
+    /// Saves SPKI hash after successful connection.
+    pub async fn save_spki(
+        &self,
+        hostname: &str,
+        spki: &SubjectPublicKeyInfoDer<'_>,
+        sql: &Sql,
+    ) -> Result<()> {
+        let hash = spki_hash(spki);
+        self.hash_store
+            .write()
+            .insert(hostname.to_string(), hash.clone());
+        sql.execute(
+            "INSERT OR REPLACE INTO tls_spki (host, spki_hash) VALUES (?, ?)",
+            (hostname, hash),
+        )
+        .await?;
+        Ok(())
+    }
+}

src/receive_imf.rs

@@ -45,6 +45,7 @@ use crate::securejoin::{
     self, get_secure_join_step, handle_securejoin_handshake, observe_securejoin_on_other_device,
 };
 use crate::simplify;
+use crate::smtp::msg_has_pending_smtp_job;
 use crate::stats::STATISTICS_BOT_EMAIL;
 use crate::stock_str;
 use crate::sync::Sync::*;
@@ -582,14 +583,7 @@ pub(crate) async fn receive_imf_inner(
                 (rfc724_mid_orig, &self_addr),
             )
             .await?;
-        if !context
-            .sql
-            .exists(
-                "SELECT COUNT(*) FROM smtp WHERE rfc724_mid=?",
-                (rfc724_mid_orig,),
-            )
-            .await?
-        {
+        if !msg_has_pending_smtp_job(context, msg_id).await? {
             msg_id.set_delivered(context).await?;
         }
         return Ok(None);

src/receive_imf/receive_imf_tests.rs

@@ -13,9 +13,10 @@ use crate::constants::DC_GCL_FOR_FORWARDING;
 use crate::contact;
 use crate::imap::prefetch_should_download;
 use crate::imex::{ImexMode, imex};
+use crate::key;
 use crate::securejoin::get_securejoin_qr;
 use crate::test_utils::{
-    E2EE_INFO_MSGS, TestContext, TestContextManager, get_chat_msg, mark_as_verified,
+    E2EE_INFO_MSGS, TestContext, TestContextManager, alice_keypair, get_chat_msg, mark_as_verified,
 };
 use crate::tools::{SystemTime, time};
 
@@ -5561,3 +5562,31 @@ async fn test_calendar_alternative() -> Result<()> {
 
     Ok(())
 }
+
+/// Tests that outgoing encrypted messages are detected
+/// by verifying own signature, completely ignoring From address.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_outgoing_determined_by_signature() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // alice_dev2: same key, different address.
+    let different_from = "very@different.from";
+    assert!(!alice.is_self_addr(different_from).await?);
+    let alice_dev2 = &tcm.unconfigured().await;
+    alice_dev2.configure_addr(different_from).await;
+    key::store_self_keypair(alice_dev2, &alice_keypair()).await?;
+    assert_ne!(
+        alice.get_config(Config::Addr).await?.unwrap(),
+        different_from
+    );
+
+    // Send message from alice_dev2 and check alice sees it as outgoing
+    let chat_id = alice_dev2.create_chat_id(bob).await;
+    let sent_msg = alice_dev2.send_text(chat_id, "hello from new device").await;
+    let msg = alice.recv_msg(&sent_msg).await;
+    assert_eq!(msg.state, MessageState::OutDelivered);
+
+    Ok(())
+}

src/smtp.rs

@@ -465,11 +465,7 @@ pub(crate) async fn send_msg_to_smtp(
     match status {
         SendResult::Retry => Err(format_err!("Retry")),
         SendResult::Success => {
-            if !context
-                .sql
-                .exists("SELECT COUNT(*) FROM smtp WHERE msg_id=?", (msg_id,))
-                .await?
-            {
+            if !msg_has_pending_smtp_job(context, msg_id).await? {
                 msg_id.set_delivered(context).await?;
             }
             Ok(())
@@ -478,6 +474,16 @@ pub(crate) async fn send_msg_to_smtp(
     }
 }
 
+pub(crate) async fn msg_has_pending_smtp_job(
+    context: &Context,
+    msg_id: MsgId,
+) -> Result<bool, Error> {
+    context
+        .sql
+        .exists("SELECT COUNT(*) FROM smtp WHERE msg_id=?", (msg_id,))
+        .await
+}
+
 /// Attempts to send queued MDNs.
 async fn send_mdns(context: &Context, connection: &mut Smtp) -> Result<()> {
     loop {

src/smtp/connect.rs

@@ -11,11 +11,12 @@ use crate::log::warn;
 use crate::net::dns::{lookup_host_with_cache, update_connect_timestamp};
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionBufStream;
-use crate::net::tls::{TlsSessionStore, wrap_tls};
+use crate::net::tls::{SpkiHashStore, TlsSessionStore, wrap_tls};
 use crate::net::{
     connect_tcp_inner, connect_tls_inner, run_connection_attempts, update_connection_history,
 };
 use crate::oauth2::get_oauth2_access_token;
+use crate::sql::Sql;
 use crate::tools::time;
 use crate::transport::ConnectionCandidate;
 use crate::transport::ConnectionSecurity;
@@ -111,10 +112,26 @@ async fn connection_attempt(
     );
     let res = match security {
         ConnectionSecurity::Tls => {
-            connect_secure(resolved_addr, host, strict_tls, &context.tls_session_store).await
+            connect_secure(
+                resolved_addr,
+                host,
+                strict_tls,
+                &context.tls_session_store,
+                &context.spki_hash_store,
+                &context.sql,
+            )
+            .await
         }
         ConnectionSecurity::Starttls => {
-            connect_starttls(resolved_addr, host, strict_tls, &context.tls_session_store).await
+            connect_starttls(
+                resolved_addr,
+                host,
+                strict_tls,
+                &context.tls_session_store,
+                &context.spki_hash_store,
+                &context.sql,
+            )
+            .await
         }
         ConnectionSecurity::Plain => connect_insecure(resolved_addr).await,
     };
@@ -240,6 +257,8 @@ async fn connect_secure_proxy(
         alpn(port),
         proxy_stream,
         &context.tls_session_store,
+        &context.spki_hash_store,
+        &context.sql,
     )
     .await?;
     let mut buffered_stream = BufStream::new(tls_stream);
@@ -273,6 +292,8 @@ async fn connect_starttls_proxy(
         "",
         tcp_stream,
         &context.tls_session_store,
+        &context.spki_hash_store,
+        &context.sql,
     )
     .await
     .context("STARTTLS upgrade failed")?;
@@ -299,6 +320,8 @@ async fn connect_secure(
     hostname: &str,
     strict_tls: bool,
     tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<Box<dyn SessionBufStream>> {
     let tls_stream = connect_tls_inner(
         addr,
@@ -306,6 +329,8 @@ async fn connect_secure(
         strict_tls,
         alpn(addr.port()),
         tls_session_store,
+        spki_hash_store,
+        sql,
     )
     .await?;
     let mut buffered_stream = BufStream::new(tls_stream);
@@ -319,6 +344,8 @@ async fn connect_starttls(
     host: &str,
     strict_tls: bool,
     tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<Box<dyn SessionBufStream>> {
     let use_sni = false;
     let tcp_stream = connect_tcp_inner(addr).await?;
@@ -336,6 +363,8 @@ async fn connect_starttls(
         "",
         tcp_stream,
         tls_session_store,
+        spki_hash_store,
+        sql,
     )
     .await
     .context("STARTTLS upgrade failed")?;

src/sql/migrations.rs

@@ -2316,6 +2316,18 @@ ALTER TABLE contacts ADD COLUMN name_normalized TEXT;
         .await?;
     }
 
+    inc_and_check(&mut migration_version, 150)?;
+    if dbversion < migration_version {
+        sql.execute_migration(
+            "CREATE TABLE tls_spki (
+               host TEXT NOT NULL UNIQUE,
+               spki_hash TEXT NOT NULL -- base64 of SPKI SHA-256 hash
+             ) STRICT",
+            migration_version,
+        )
+        .await?;
+    }
+
     let new_version = sql
         .get_raw_config_int(VERSION_CFG)
         .await?

src/test_utils.rs

@@ -40,6 +40,7 @@ use crate::message::{Message, MessageState, MsgId, update_msg_state};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
+use crate::smtp::msg_has_pending_smtp_job;
 use crate::stock_str::StockStrings;
 use crate::tools::time;
 
@@ -658,10 +659,7 @@ impl TestContext {
             .execute("DELETE FROM smtp WHERE id=?;", (rowid,))
             .await
             .expect("failed to remove job");
-        if !self
-            .ctx
-            .sql
-            .exists("SELECT COUNT(*) FROM smtp WHERE msg_id=?", (msg_id,))
+        if !msg_has_pending_smtp_job(self, msg_id)
             .await
             .expect("Failed to check for more jobs")
         {