This commit is contained in:
Drew DeVault 2019-05-20 14:01:59 -04:00
parent 22cc40f4d4
commit a9aebe11d7
2 changed files with 4 additions and 48 deletions

View file

@ -90,10 +90,6 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
} }
sendAsync := func() (int, error) { sendAsync := func() (int, error) {
tlsConfig := &tls.Config{
// TODO: ask user first
InsecureSkipVerify: true,
}
switch scheme { switch scheme {
case "smtp": case "smtp":
host := uri.Host host := uri.Host
@ -112,7 +108,7 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
"Add smtp-starttls=yes") "Add smtp-starttls=yes")
return 0, err return 0, err
} }
if err = conn.StartTLS(tlsConfig); err != nil { if err = conn.StartTLS(&tls.Config{}); err != nil {
return 0, err return 0, err
} }
} else { } else {
@ -128,7 +124,7 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
if !strings.ContainsRune(host, ':') { if !strings.ContainsRune(host, ':') {
host = host + ":465" // Default to smtps port host = host + ":465" // Default to smtps port
} }
conn, err = smtp.DialTLS(host, tlsConfig) conn, err = smtp.DialTLS(host, &tls.Config{})
if err != nil { if err != nil {
return 0, err return 0, err
} }

View file

@ -2,7 +2,6 @@ package imap
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509"
"fmt" "fmt"
"net/url" "net/url"
"strings" "strings"
@ -47,41 +46,6 @@ func NewIMAPWorker(worker *types.Worker) *IMAPWorker {
} }
} }
func (w *IMAPWorker) verifyPeerCert(msg types.WorkerMessage) func(
rawCerts [][]byte, _ [][]*x509.Certificate) error {
return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
pool := x509.NewCertPool()
for _, rawCert := range rawCerts {
cert, err := x509.ParseCertificate(rawCert)
if err != nil {
return err
}
pool.AddCert(cert)
}
request := &types.CertificateApprovalRequest{
Message: types.RespondTo(msg),
CertPool: pool,
}
w.worker.PostMessage(request, nil)
response := <-w.worker.Actions
if response.InResponseTo() != request {
return fmt.Errorf("Expected UI to respond to cert request")
}
if approval, ok := response.(*types.ApproveCertificate); !ok {
return fmt.Errorf("Expected UI to send certificate approval")
} else {
if approval.Approved {
return nil
} else {
return fmt.Errorf("UI rejected certificate")
}
}
}
}
func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error {
if w.idleStop != nil { if w.idleStop != nil {
close(w.idleStop) close(w.idleStop)
@ -117,10 +81,6 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error {
c *client.Client c *client.Client
err error err error
) )
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
VerifyPeerCertificate: w.verifyPeerCert(msg),
}
switch w.config.scheme { switch w.config.scheme {
case "imap": case "imap":
c, err = client.Dial(w.config.addr) c, err = client.Dial(w.config.addr)
@ -129,12 +89,12 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error {
} }
if !w.config.insecure { if !w.config.insecure {
if err := c.StartTLS(tlsConfig); err != nil { if err := c.StartTLS(&tls.Config{}); err != nil {
return err return err
} }
} }
case "imaps": case "imaps":
c, err = client.DialTLS(w.config.addr, tlsConfig) c, err = client.DialTLS(w.config.addr, &tls.Config{})
if err != nil { if err != nil {
return err return err
} }