v2: client: support custom tls.Config{} in DialTLS() and DialStartTLS()

Question

v2: client: support custom tls.Config{} in DialTLS() and DialStartTLS()

iredmail opened this issue 7 months ago · comments

Dear developers,

DialTLS() and DialStartTLS() don't support customizing tls.Config, hence no way to disable ssl cert verification.
It would be more convenience to use a new parameter to accept custom tls.Config like this:

// Current
// func DialTLS(address string, options *Options) (*Client, error) { ... }

// Suggested:
func DialTLS(address string, options *Options, tlsConfig *tls.Config) (*Client, error) {...}

// Current:
// func DialStartTLS(address string, options *Options) (*Client, error) {...}

// Suggested:
func DialStartTLS(address string, options *Options, tlsConfig *tls.Config) (*Client, error) {...}

resolutecake · Answer 1 · Tue Jan 02 2024 06:20:03 GMT+0800 (China Standard Time)

I coded this up for me to use self-signed certificates.
It is also required for client certificates or other pki magic

work for me

diff --git a/subtree/go-imap/imapclient/client.go b/subtree/go-imap/imapclient/client.go
index eb50b7647b..9990eeba0e 100644
--- a/subtree/go-imap/imapclient/client.go
+++ b/subtree/go-imap/imapclient/client.go
@@ -169,10 +169,15 @@ func New(conn net.Conn, options *Options) *Client {
 }
 
 // DialTLS connects to an IMAP server with implicit TLS.
-func DialTLS(address string, options *Options) (*Client, error) {
-       conn, err := tls.Dial("tcp", address, &tls.Config{
-               NextProtos: []string{"imap"},
-       })
+func DialTLS(address string, options *Options, tlsConfigp *tls.Config) (*Client, error) {
+       var tlsConfig *tls.Config
+       if tlsConfigp != nil {
+               tlsConfig = tlsConfigp.Clone()
+       } else {
+               tlsConfig = &tls.Config{}
+       }
+       tlsConfig.NextProtos = []string{"imap"}
+       conn, err := tls.Dial("tcp", address, tlsConfig)
        if err != nil {
                return nil, err
        }
diff --git a/subtree/go-imap/imapclient/example_test.go b/subtree/go-imap/imapclient/example_test.go
index 0cd0e747b4..282af7e162 100644
--- a/subtree/go-imap/imapclient/example_test.go
+++ b/subtree/go-imap/imapclient/example_test.go
@@ -12,7 +12,7 @@ import (
 )
 
 func ExampleClient() {
-       c, err := imapclient.DialTLS("mail.example.org:993", nil)
+       c, err := imapclient.DialTLS("mail.example.org:993", nil, nil)
        if err != nil {
                log.Fatalf("failed to dial IMAP server: %v", err)
        }
@@ -232,7 +232,7 @@ func ExampleClient_Idle() {
                },
        }
 
-       c, err := imapclient.DialTLS("mail.example.org:993", &options)
+       c, err := imapclient.DialTLS("mail.example.org:993", &options, nil)
:

Simon Ser · Answer 2 · Tue Jan 02 2024 17:50:37 GMT+0800 (China Standard Time)

It's not required, you can create your own net.Conn and pass it to NewClient.