From 29fece1221544eaf62fcd2e8029b3b705e58a4bc Mon Sep 17 00:00:00 2001 From: Bryce Fisher-Fleig Date: Fri, 20 Sep 2019 23:10:48 -0700 Subject: [PATCH] (security) Remove connect_insecure In order to discourage folks from connecting securely, we're removing the convenience method imap::connect_insecure. Fear not\! For those who manage security in another way (aka a private network or similar measures), it is still possible to connect without TLS by using the imap::Client::new() method. See that method for examples of how to do this. --- .cirrus.yml | 1 - azure-pipelines.yml | 2 -- src/client.rs | 33 --------------------------------- tests/imap_integration.rs | 18 ++++-------------- 4 files changed, 4 insertions(+), 50 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index a5a900c..388ecce 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -17,7 +17,6 @@ task: build_script: - . $HOME/.cargo/env - cargo build --all-targets --verbose - - cargo build --all-targets --verbose --no-default-features test_script: - . $HOME/.cargo/env - cargo test --examples diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 120603a..bfbe861 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -41,8 +41,6 @@ stages: displayName: Run doctests - script: cargo test --lib displayName: Run unit tests - - script: cargo build --all-targets --verbose --no-default-features - displayName: Compile without openssl - job: integration displayName: cargo test pool: diff --git a/src/client.rs b/src/client.rs index c529049..7c7aceb 100644 --- a/src/client.rs +++ b/src/client.rs @@ -110,39 +110,6 @@ impl DerefMut for Session { } } -/// Connect to a server using an insecure TCP connection. -/// -/// The returned [`Client`] is unauthenticated; to access session-related methods (through -/// [`Session`]), use [`Client::login`] or [`Client::authenticate`]. -/// -/// Consider using [`connect`] for a secured connection where possible. -/// You can upgrade an insecure client to a secure one using [`Client::secure`]. -/// ```rust,no_run -/// # extern crate native_tls; -/// # extern crate imap; -/// # use std::io; -/// # use native_tls::TlsConnector; -/// # fn main() { -/// // a plain, unencrypted TCP connection -/// let client = imap::connect_insecure(("imap.example.org", 143)).unwrap(); -/// -/// // upgrade to SSL -/// let tls = TlsConnector::builder().build().unwrap(); -/// let tls_client = client.secure("imap.example.org", &tls); -/// # } -/// ``` -pub fn connect_insecure(addr: A) -> Result> { - match TcpStream::connect(addr) { - Ok(stream) => { - let mut socket = Client::new(stream); - - socket.read_greeting()?; - Ok(socket) - } - Err(e) => Err(Error::Io(e)), - } -} - /// Connect to a server using a TLS-encrypted connection. /// /// The returned [`Client`] is unauthenticated; to access session-related methods (through diff --git a/tests/imap_integration.rs b/tests/imap_integration.rs index ed9eeb4..cd821b7 100644 --- a/tests/imap_integration.rs +++ b/tests/imap_integration.rs @@ -47,24 +47,14 @@ fn smtp(user: &str) -> lettre::SmtpTransport { .transport() } -#[test] -fn connect_insecure() { - imap::connect_insecure(&format!( - "{}:3143", - std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string()) - )) - .unwrap(); -} - #[test] #[ignore] fn connect_insecure_then_secure() { + let host = std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string()); + let stream = TcpStream::connect((host.as_ref(), 3143)).unwrap(); + // ignored because of https://github.com/greenmail-mail-test/greenmail/issues/135 - imap::connect_insecure(&format!( - "{}:3143", - std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string()) - )) - .unwrap() + imap::Client::new(stream) .secure("imap.example.com", &tls()) .unwrap(); }