sander/rust-imap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

(security) Remove connect_insecure

Browse source 
In order to discourage folks from connecting securely, we're removing the
convenience method imap::connect_insecure.

Fear not\! For those who manage security in another way (aka a private network
or similar measures), it is still possible to connect without TLS by using the
imap::Client::new() method. See that method for examples of how to do this.
This commit is contained in:
Bryce Fisher-Fleig 2019-09-20 23:10:48 -07:00
parent f15bdfb458
commit 29fece1221
4 changed files with 4 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.cirrus.yml
View file

@ -17,7 +17,6 @@ task:
build_script: build_script:
- . $HOME/.cargo/env - . $HOME/.cargo/env
- cargo build --all-targets --verbose - cargo build --all-targets --verbose
- cargo build --all-targets --verbose --no-default-features
test_script: test_script:
- . $HOME/.cargo/env - . $HOME/.cargo/env
- cargo test --examples - cargo test --examples

2
azure-pipelines.yml
View file

@ -41,8 +41,6 @@ stages:
displayName: Run doctests displayName: Run doctests
- script: cargo test --lib - script: cargo test --lib
displayName: Run unit tests displayName: Run unit tests
- script: cargo build --all-targets --verbose --no-default-features
displayName: Compile without openssl
- job: integration - job: integration
displayName: cargo test displayName: cargo test
pool: pool:

33
src/client.rs
View file

@ -110,39 +110,6 @@ impl<T: Read + Write> DerefMut for Session<T> {
} }
} }
/// Connect to a server using an insecure TCP connection.
///
/// The returned [`Client`] is unauthenticated; to access session-related methods (through
/// [`Session`]), use [`Client::login`] or [`Client::authenticate`].
///
/// Consider using [`connect`] for a secured connection where possible.
/// You can upgrade an insecure client to a secure one using [`Client::secure`].
/// ```rust,no_run
/// # extern crate native_tls;
/// # extern crate imap;
/// # use std::io;
/// # use native_tls::TlsConnector;
/// # fn main() {
/// // a plain, unencrypted TCP connection
/// let client = imap::connect_insecure(("imap.example.org", 143)).unwrap();
///
/// // upgrade to SSL
/// let tls = TlsConnector::builder().build().unwrap();
/// let tls_client = client.secure("imap.example.org", &tls);
/// # }
/// ```
pub fn connect_insecure<A: ToSocketAddrs>(addr: A) -> Result<Client<TcpStream>> {
match TcpStream::connect(addr) {
Ok(stream) => {
let mut socket = Client::new(stream);
socket.read_greeting()?;
Ok(socket)
}
Err(e) => Err(Error::Io(e)),
}
}
/// Connect to a server using a TLS-encrypted connection. /// Connect to a server using a TLS-encrypted connection.
/// ///
/// The returned [`Client`] is unauthenticated; to access session-related methods (through /// The returned [`Client`] is unauthenticated; to access session-related methods (through

18
tests/imap_integration.rs
View file

@ -47,24 +47,14 @@ fn smtp(user: &str) -> lettre::SmtpTransport {
.transport() .transport()
} }
#[test]
fn connect_insecure() {
imap::connect_insecure(&format!(
"{}:3143",
std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string())
))
.unwrap();
}
#[test] #[test]
#[ignore] #[ignore]
fn connect_insecure_then_secure() { fn connect_insecure_then_secure() {
let host = std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string());
let stream = TcpStream::connect((host.as_ref(), 3143)).unwrap();
// ignored because of https://github.com/greenmail-mail-test/greenmail/issues/135 // ignored because of https://github.com/greenmail-mail-test/greenmail/issues/135
imap::connect_insecure(&format!( imap::Client::new(stream)
"{}:3143",
std::env::var("TEST_HOST").unwrap_or("127.0.0.1".to_string())
))
.unwrap()
.secure("imap.example.com", &tls()) .secure("imap.example.com", &tls())
.unwrap(); .unwrap();
} }