From 7b4c8f67eb5f8e3e943d72a78bdeb4194a68c61e Mon Sep 17 00:00:00 2001
From: Moritz Poldrack <git@moritz.sh>
Date: Wed, 1 May 2024 00:11:40 +0200
Subject: imap: add imaps+insecure mode

When connecting through environments bypassing hostnames, like SSH
tunnels, the certificate verification of the server will fail, making it
impossible to connect, if plain IMAP has been disabled.

Add handling for the insecure modifier to the imaps connection.

Changelog-added: Add `imaps+insecure` to the available protocols, for
 connections that should ignore issues with certificate verification.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>
---
 doc/aerc-imap.5.scd    | 3 +++
 worker/imap/connect.go | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/doc/aerc-imap.5.scd b/doc/aerc-imap.5.scd
index af3a020b..c2292464 100644
--- a/doc/aerc-imap.5.scd
+++ b/doc/aerc-imap.5.scd
@@ -35,6 +35,9 @@ are available:
 	_imaps_
 		IMAP with TLS/SSL
 
+	_imaps+insecure_
+		IMAP with TLS/SSL, skipping certificate verification
+
 	_imaps+oauthbearer_
 		IMAP with TLS/SSL using OAUTHBEARER Authentication
 
diff --git a/worker/imap/connect.go b/worker/imap/connect.go
index 6c704d35..01ba7801 100644
--- a/worker/imap/connect.go
+++ b/worker/imap/connect.go
@@ -57,6 +57,9 @@ func (w *IMAPWorker) connect() (*client.Client, error) {
 			}
 		}
 	case "imaps":
+		if w.config.insecure {
+			tlsConfig.InsecureSkipVerify = true
+		}
 		tlsConn := tls.Client(conn, tlsConfig)
 		c, err = client.New(tlsConn)
 		if err != nil {
-- 
cgit v1.2.3-54-g00ecf