imap: add imaps+insecure modeHEADmaster

When connecting through environments bypassing hostnames, like SSH
tunnels, the certificate verification of the server will fail, making it
impossible to connect, if plain IMAP has been disabled.

Add handling for the insecure modifier to the imaps connection.

Changelog-added: Add `imaps+insecure` to the available protocols, for
 connections that should ignore issues with certificate verification.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>

2 files changed, 6 insertions, 0 deletions

diff --git a/doc/aerc-imap.5.scd b/doc/aerc-imap.5.scd
index af3a020b..c2292464 100644
--- a/doc/aerc-imap.5.scd
+++ b/doc/aerc-imap.5.scd
@@ -35,6 +35,9 @@ are available:
 	_imaps_
 		IMAP with TLS/SSL
 
+	_imaps+insecure_
+		IMAP with TLS/SSL, skipping certificate verification
+
 	_imaps+oauthbearer_
 		IMAP with TLS/SSL using OAUTHBEARER Authentication
 
diff --git a/worker/imap/connect.go b/worker/imap/connect.go
index 6c704d35..01ba7801 100644
--- a/worker/imap/connect.go
+++ b/worker/imap/connect.go
@@ -57,6 +57,9 @@ func (w *IMAPWorker) connect() (*client.Client, error) {
 			}
 		}
 	case "imaps":
+		if w.config.insecure {
+			tlsConfig.InsecureSkipVerify = true
+		}
 		tlsConn := tls.Client(conn, tlsConfig)
 		c, err = client.New(tlsConn)
 		if err != nil {