Other: stop rejecting old TLS versions

2021-04-13 17:30:54 +02:00
parent cccaaa3d82
commit d243880753
3 changed files with 3 additions and 6 deletions
--- a/internal/config/tls/tls.go
+++ b/internal/config/tls/tls.go
@ -144,12 +144,12 @@ func (t *TLS) GetConfig() (*tls.Config, error) {
 	caCertPool := x509.NewCertPool()
 	caCertPool.AddCert(c.Leaf)

+	// nolint[gosec]: We need to support older TLS versions for AppleMail and Outlook.
 	return &tls.Config{
 		Certificates: []tls.Certificate{c},
 		ServerName:   "127.0.0.1",
 		ClientAuth:   tls.VerifyClientCertIfGiven,
 		RootCAs:      caCertPool,
 		ClientCAs:    caCertPool,
-		MinVersion:   tls.VersionTLS13, // gosec G402
 	}, nil
 }
--- a/internal/frontend/autoconfig/applemail.go
+++ b/internal/frontend/autoconfig/applemail.go
@ -93,7 +93,7 @@ func (c *appleMail) Configure(imapPort, smtpPort int, imapSSL, smtpSSL bool, use
 	})()

 	// Make sure the file is only readable for the current user.
-	f, err := os.OpenFile(filepath.Join(dir, "protonmail.mobileconfig"), os.O_RDWR|os.O_CREATE, 0600)
+	f, err := os.OpenFile(filepath.Clean(filepath.Join(dir, "protonmail.mobileconfig")), os.O_RDWR|os.O_CREATE, 0600)
 	if err != nil {
 		return err
 	}
--- a/pkg/keychain/helper_darwin.go
+++ b/pkg/keychain/helper_darwin.go
@ -86,11 +86,8 @@ func (h *macOSHelper) Delete(secretURL string) error {
 	}

 	query := newQuery(hostURL, userID)
-	if err := keychain.DeleteItem(query); err != nil {
-		return err
-	}

-	return nil
+	return keychain.DeleteItem(query)
 }

 func (h *macOSHelper) Get(secretURL string) (string, string, error) {