feat: display TLS certificate checks configuration in connectivity view

deltachat · Sep 5, 2024 · c55d712 · c55d712
1 parent 418dfbf
commit c55d712
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 0 deletions.
diff --git a/deltachat-ffi/deltachat.h b/deltachat-ffi/deltachat.h
@@ -7384,6 +7384,11 @@ void dc_event_unref(dc_event_t* event);
 /// Used as info message.
 #define DC_STR_SECUREJOIN_WAIT_TIMEOUT 191
 
+/// "Security"
+///
+/// Used in connectivity view.
+#define DC_STR_SECUREJOIN_WAIT_TIMEOUT 192
+
 /// "Contact". Deprecated, currently unused.
 #define DC_STR_CONTACT 200
 

diff --git a/src/login_param.rs b/src/login_param.rs
@@ -786,6 +786,22 @@ impl ConfiguredLoginParam {
  | ConfiguredCertificateChecks::AcceptInvalidCertificates2 => false,
  }
  }
+
+ /// Returns true if strict TLS checks are disabled
+ /// and configuration is not for a known provider
+ /// with broken TLS setup.
+ pub fn strict_tls_manually_disabled(&self) -> bool {
+ match self.certificate_checks {
+ ConfiguredCertificateChecks::OldAutomatic => {
+ // Old "Automatic" configuration defaults to no strict TLS.
+ // User should upgrade configuration.
+ self.provider.is_none()
+ }
+ ConfiguredCertificateChecks::Automatic | ConfiguredCertificateChecks::Strict => false,
+ ConfiguredCertificateChecks::AcceptInvalidCertificates
+ | ConfiguredCertificateChecks::AcceptInvalidCertificates2 => true,
+ }
+ }
 }
 
 #[cfg(test)]

diff --git a/src/scheduler/connectivity.rs b/src/scheduler/connectivity.rs
@@ -8,6 +8,7 @@ use tokio::sync::Mutex;
 
 use crate::events::EventType;
 use crate::imap::{scan_folders::get_watched_folder_configs, FolderMeaning};
+use crate::login_param::ConfiguredLoginParam;
 use crate::quota::{QUOTA_ERROR_THRESHOLD_PERCENTAGE, QUOTA_WARN_THRESHOLD_PERCENTAGE};
 use crate::stock_str;
 use crate::{context::Context, log::LogExt};
@@ -501,6 +502,36 @@ impl Context {
  }
  ret += "</ul>";
 
+ // =============================================================================================
+ // Add e.g.
+ // Security
+ // TLS Certificate Checks: enabled
+ // =============================================================================================
+
+ if let Some(configured_login_param) = ConfiguredLoginParam::load(self).await? {
+ let security = stock_str::security(self).await;
+ ret += &format!("<h3>{security}</h3><ul>");
+
+ ret += "<li>";
+ if configured_login_param.strict_tls() {
+ // GREEN: strict TLS checks are enabled.
+ ret += &format!(
+ "<span class=\"green dot\"></span> <b>TLS Certificate Checks:</b> enabled"
+ );
+ } else if configured_login_param.strict_tls_manually_disabled() {
+ // RED: TLS checks are manually disabled.
+ ret += &format!(
+ "<span class=\"red dot\"></span> <b>TLS Certificate Checks:</b> disabled"
+ );
+ } else {
+ // YELLOW: TLS checks are automatically disabled.
+ ret += &format!(
+ "<span class=\"yellow dot\"></span> <b>TLS Certificate Checks:</b> disabled"
+ );
+ }
+ ret += "</li></ul>";
+ }
+
  // =============================================================================================
 
  ret += "</body></html>\n";

diff --git a/src/stock_str.rs b/src/stock_str.rs
@@ -437,6 +437,10 @@ pub enum StockMessage {
  fallback = "Could not yet establish guaranteed end-to-end encryption, but you may already send a message."
  ))]
  SecurejoinWaitTimeout = 191,
+
+ /// "Security" title for connectivity view section.
+ #[strum(props(fallback = "Security"))]
+ Security = 192,
 }
 
 impl StockMessage {
@@ -1367,6 +1371,11 @@ pub(crate) async fn backup_transfer_msg_body(context: &Context) -> String {
  translated(context, StockMessage::BackupTransferMsgBody).await
 }
 
+/// Stock string: `Security`.
+pub(crate) async fn security(context: &Context) -> String {
+ translated(context, StockMessage::Security).await
+}
+
 impl Context {
  /// Set the stock string for the [StockMessage].
  ///