vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit e93538cea959568292a7d37f49a9f6c2ad196a92
parent b4244b28b6263fb6702b5cce33213ef2f31c2802
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun, 10 Mar 2019 14:44:42 +0100

Add option to use wrapped TLS in email, instead of STARTTLS upgrade

Diffstat:

Msrc/config.rs | 4+++-


Msrc/mail.rs | 8+++++++-


2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/config.rs b/src/config.rs
@@ -303,8 +303,10 @@ make_config! {
         smtp_host:              String, true,   option;
         /// Enable SSL
         smtp_ssl:               bool,   true,   def,     true;
+        /// Use explicit TLS |> Enabling this would force the use of an explicit TLS connection, instead of upgrading an insecure one with STARTTLS
+        smtp_explicit_tls:      bool,   true,   def,     false;
         /// Port
-        smtp_port:              u16,    true,   auto,    |c| if c.smtp_ssl {587} else {25};
+        smtp_port:              u16,    true,   auto,    |c| if c.smtp_explicit_tls {465} else if c.smtp_ssl {587} else {25};
         /// From Address
         smtp_from:              String, true,   def,     String::new();
         /// From Name
diff --git a/src/mail.rs b/src/mail.rs
@@ -18,7 +18,13 @@ fn mailer() -> SmtpTransport {
             .build()
             .unwrap();
 
-        ClientSecurity::Required(ClientTlsParameters::new(host.clone(), tls))
+        let params = ClientTlsParameters::new(host.clone(), tls);
+
+        if CONFIG.smtp_explicit_tls() {
+            ClientSecurity::Wrapper(params)
+        } else {
+            ClientSecurity::Required(params)
+        }
     } else {
         ClientSecurity::None
     };