Other: stop rejecting old TLS versions

internal/config/tls/tls.go

@@ -144,12 +144,12 @@ func (t *TLS) GetConfig() (*tls.Config, error) {
 	caCertPool := x509.NewCertPool()
 	caCertPool.AddCert(c.Leaf)
 
+	// nolint[gosec]: We need to support older TLS versions for AppleMail and Outlook.
 	return &tls.Config{
 		Certificates: []tls.Certificate{c},
 		ServerName:   "127.0.0.1",
 		ClientAuth:   tls.VerifyClientCertIfGiven,
 		RootCAs:      caCertPool,
 		ClientCAs:    caCertPool,
-		MinVersion:   tls.VersionTLS13, // gosec G402
 	}, nil
 }

internal/frontend/autoconfig/applemail.go

@@ -93,7 +93,7 @@ func (c *appleMail) Configure(imapPort, smtpPort int, imapSSL, smtpSSL bool, use
 	})()
 
 	// Make sure the file is only readable for the current user.
-	f, err := os.OpenFile(filepath.Join(dir, "protonmail.mobileconfig"), os.O_RDWR|os.O_CREATE, 0600)
+	f, err := os.OpenFile(filepath.Clean(filepath.Join(dir, "protonmail.mobileconfig")), os.O_RDWR|os.O_CREATE, 0600)
 	if err != nil {
 		return err
 	}

pkg/keychain/helper_darwin.go

@@ -86,11 +86,8 @@ func (h *macOSHelper) Delete(secretURL string) error {
 	}
 
 	query := newQuery(hostURL, userID)
-	if err := keychain.DeleteItem(query); err != nil {
-		return err
-	}
 
-	return nil
+	return keychain.DeleteItem(query)
 }
 
 func (h *macOSHelper) Get(secretURL string) (string, string, error) {