fix: default to strict TLS checks if not configured

If user has not set any settings manually and provider is not configured, default to strict TLS checks. Bug was introduced in <#5854> (commit 6b4532a) and affects released core 1.142.4 and 1.142.5. The problem only affects accounts configured using these core versions with provider not in the provider database or when using advanced settings.
deltachat · Aug 15, 2024 · a268946 · a268946
1 parent 7432c6d
commit a268946
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/deltachat-rpc-client/tests/test_something.py b/deltachat-rpc-client/tests/test_something.py
@@ -3,6 +3,7 @@
 import json
 import logging
 import os
+import socket
 import subprocess
 import time
 from unittest.mock import MagicMock
@@ -70,6 +71,18 @@ def test_configure_starttls(acfactory) -> None:
     assert account.is_configured()
 
 
+def test_configure_ip(acfactory) -> None:
+    account = acfactory.new_preconfigured_account()
+
+    domain = account.get_config("addr").rsplit("@")[-1]
+    ip_address = socket.gethostbyname(domain)
+
+    # This should fail TLS check.
+    account.set_config("mail_server", ip_address)
+    with pytest.raises(JsonRpcError):
+        account.configure()
+
+
 def test_account(acfactory) -> None:
     alice, bob = acfactory.get_online_accounts(2)
 

diff --git a/src/login_param.rs b/src/login_param.rs
@@ -265,9 +265,7 @@ impl LoginParam {
             | CertificateChecks::AcceptInvalidCertificates2 => Some(false),
         };
         let provider_strict_tls = self.provider.map(|provider| provider.opt.strict_tls);
-        user_strict_tls
-            .or(provider_strict_tls)
-            .unwrap_or(self.socks5_config.is_some())
+        user_strict_tls.or(provider_strict_tls).unwrap_or(true)
     }
 }