aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-06-07 18:53:04 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-06-07 18:53:04 +0200
commitc042172d221fe43887ad1fcacd7689941d9f7903 (patch)
tree9af3925c0f69ebbe37a6a4738d10668e23b107fa
parenttests/email-dns: Reject mail, that fails DKIM (diff)
downloadnixos-server-c042172d221fe43887ad1fcacd7689941d9f7903.zip
pkgs/stalwart-mail-patched: Actually apply overrides
The previous code silently dropped the overrides.
Diffstat (limited to '')
-rw-r--r--pkgs/by-name/st/stalwart-mail-patched/package.nix97
-rw-r--r--pkgs/by-name/st/stalwart-mail-patched/patches/0001-Allow-to-switch-to-operating-system-CA-root-store.patch (renamed from pkgs/by-name/st/stalwart-mail-patched/patches/use-platform-ca-roots.patch)907
2 files changed, 743 insertions, 261 deletions
diff --git a/pkgs/by-name/st/stalwart-mail-patched/package.nix b/pkgs/by-name/st/stalwart-mail-patched/package.nix
index 85ab840..062ab2c 100644
--- a/pkgs/by-name/st/stalwart-mail-patched/package.nix
+++ b/pkgs/by-name/st/stalwart-mail-patched/package.nix
@@ -2,53 +2,68 @@
stalwart-mail,
callPackage,
nixLib,
+ rustPlatform,
+ lib,
}: let
spamfilter = callPackage ./spam-filter.nix {};
in
- stalwart-mail.overrideAttrs (final: prev: {
- pname = "stalwart-mail-patched";
+ stalwart-mail.override {
+ rustPlatform =
+ rustPlatform
+ // {
+ buildRustPackage = prev:
+ rustPlatform.buildRustPackage (
+ lib.attrsets.recursiveUpdate
+ prev
+ {
+ pname = "stalwart-mail-patched";
- passthru = nixLib.warnMerge (prev.passthru or {}) {
- # Use a reproducible source for the spamfilter instead of fetching it at runtime from GitHub.
- inherit spamfilter;
- } "stalwart-mail passthru";
+ passthru = nixLib.warnMerge (prev.passthru or {}) {
+ # Use a reproducible source for the spamfilter instead of fetching it at runtime from GitHub.
+ inherit spamfilter;
+ } "stalwart-mail passthru";
- # The NixOS build tests should check if this works.
- # And this shaves of around 50% of the build time.
- doCheck = false;
+ cargoHash = "sha256-Rq18JumjKYt97WKIqnLakS+FQwsjt70irlYBYAYm3H8=";
- # We are already overriding it, so shaving of some unused features is okay.
- buildNoDefaultFeatures = true;
- buildFeatures = [
- # "sqlite"
- # "postgres"
- # "mysql"
- "rocks"
- # "elastic"
- # "s3"
- "redis"
- "tls-native-roots"
- ];
+ # The NixOS build tests should check if this works.
+ # And this shaves of around 50% of the build time.
+ doCheck = false;
- cargoPatches =
- (prev.cargoPatches or [])
- ++ [
- # `stalwart-mail` uses their bundled store, which makes it impossible to use our
- # own CA certificate (e.g., for tests). Thus use a native version.
- ./patches/use-platform-ca-roots.patch
- ];
+ # We are already overriding it, so shaving of some unused features is okay.
+ buildNoDefaultFeatures = true;
+ buildFeatures = [
+ # "sqlite"
+ # "postgres"
+ # "mysql"
+ "rocks"
+ # "elastic"
+ # "s3"
+ "redis"
+ "tls-native-roots"
+ ];
- # Check that the enterprise feature is really disabled.
- postCheck =
- (prev.postCheck or "")
- +
- # bash
- ''
- if grep "enterprise" ./target/*/release/stalwart-mail.d; then
- echo "ERROR: Proprietary 'enterprise' feature active."
- exit 1
- fi
- '';
+ cargoPatches =
+ (prev.cargoPatches or [])
+ ++ [
+ # `stalwart-mail` uses their bundled store, which makes it impossible to use our
+ # own CA certificate (e.g., for tests). Thus use a native version.
+ ./patches/0001-Allow-to-switch-to-operating-system-CA-root-store.patch
+ ];
- meta.mainProgram = prev.meta.mainProgram or "stalwart-mail";
- })
+ # Check that the enterprise feature is really disabled.
+ postCheck =
+ (prev.postCheck or "")
+ +
+ # bash
+ ''
+ if grep "enterprise" ./target/*/release/stalwart-mail.d; then
+ echo "ERROR: Proprietary 'enterprise' feature active."
+ exit 1
+ fi
+ '';
+
+ meta.mainProgram = prev.meta.mainProgram or "stalwart-mail";
+ }
+ );
+ };
+ }
diff --git a/pkgs/by-name/st/stalwart-mail-patched/patches/use-platform-ca-roots.patch b/pkgs/by-name/st/stalwart-mail-patched/patches/0001-Allow-to-switch-to-operating-system-CA-root-store.patch
index 392fbde..17ab1f4 100644
--- a/pkgs/by-name/st/stalwart-mail-patched/patches/use-platform-ca-roots.patch
+++ b/pkgs/by-name/st/stalwart-mail-patched/patches/0001-Allow-to-switch-to-operating-system-CA-root-store.patch
@@ -1,4 +1,4 @@
-From 66227b07c6cb4781a38fe603c2e856c5696e0f94 Mon Sep 17 00:00:00 2001
+From af19ac6465bc3f76b61deef15fcdf0a97eaa0904 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@nix.build>
Date: Wed, 21 May 2025 19:03:55 +0200
Subject: [PATCH] Allow to switch to operating system CA root store
@@ -32,64 +32,345 @@ by simply recompiling with the "tls-native-roots" feature.
Signed-off-by: aszlig <aszlig@nix.build>
Issue: https://github.com/stalwartlabs/stalwart/issues/247
---
- Cargo.lock | 4 ++
- crates/cli/Cargo.toml | 10 +++--
- crates/cli/src/main.rs | 8 ++--
- crates/common/Cargo.toml | 2 +-
- crates/common/src/enterprise/llm.rs | 2 +-
- crates/common/src/enterprise/mod.rs | 18 +++++---
- crates/common/src/lib.rs | 3 +-
- crates/common/src/listener/acme/directory.rs | 6 +--
- crates/common/src/manager/mod.rs | 2 +-
- crates/common/src/scripts/plugins/http.rs | 2 +-
- crates/common/src/telemetry/webhooks/mod.rs | 2 +-
- crates/directory/Cargo.toml | 2 +-
- crates/directory/src/backend/oidc/lookup.rs | 4 +-
- crates/jmap/Cargo.toml | 2 +-
- crates/main/Cargo.toml | 1 +
- crates/services/Cargo.toml | 2 +-
- crates/services/src/state_manager/http.rs | 2 +-
- crates/smtp/Cargo.toml | 2 +-
- crates/smtp/src/inbound/hooks/client.rs | 2 +-
- crates/smtp/src/outbound/mta_sts/lookup.rs | 3 +-
- crates/smtp/src/reporting/tls.rs | 5 +--
- crates/spam-filter/Cargo.toml | 2 +-
- crates/spam-filter/src/analysis/url.rs | 2 +-
- crates/store/Cargo.toml | 2 +-
- crates/store/src/backend/azure/mod.rs | 2 +-
- crates/store/src/backend/http/lookup.rs | 2 +-
- crates/trc/Cargo.toml | 2 +-
- crates/utils/Cargo.toml | 2 +
- crates/utils/src/lib.rs | 46 ++++++++++++++------
- crates/utils/src/suffixlist.rs | 7 ++-
- tests/Cargo.toml | 2 +-
- tests/src/jmap/auth_oauth.rs | 6 +--
- tests/src/jmap/mod.rs | 4 +-
- tests/src/smtp/management/queue.rs | 2 +-
- tests/src/webdav/mod.rs | 2 +-
- 35 files changed, 103 insertions(+), 64 deletions(-)
+ Cargo.lock | 237 +++++++++++++++++--
+ crates/cli/Cargo.toml | 8 +-
+ crates/cli/src/main.rs | 8 +-
+ crates/common/Cargo.toml | 2 +-
+ crates/common/src/enterprise/llm.rs | 2 +-
+ crates/common/src/enterprise/mod.rs | 4 +-
+ crates/common/src/lib.rs | 3 +-
+ crates/common/src/listener/acme/directory.rs | 6 +-
+ crates/common/src/manager/mod.rs | 2 +-
+ crates/common/src/scripts/plugins/http.rs | 2 +-
+ crates/common/src/telemetry/webhooks/mod.rs | 2 +-
+ crates/directory/Cargo.toml | 4 +-
+ crates/directory/src/backend/oidc/lookup.rs | 4 +-
+ crates/jmap/Cargo.toml | 2 +-
+ crates/main/Cargo.toml | 13 +-
+ crates/smtp/Cargo.toml | 8 +-
+ crates/smtp/src/inbound/hooks/client.rs | 2 +-
+ crates/smtp/src/outbound/mta_sts/lookup.rs | 3 +-
+ crates/smtp/src/reporting/tls.rs | 5 +-
+ crates/spam-filter/Cargo.toml | 4 +-
+ crates/spam-filter/src/analysis/url.rs | 2 +-
+ crates/store/Cargo.toml | 2 +-
+ crates/store/src/backend/azure/mod.rs | 2 +-
+ crates/store/src/backend/http/lookup.rs | 2 +-
+ crates/trc/Cargo.toml | 4 +-
+ crates/utils/Cargo.toml | 2 +
+ crates/utils/src/lib.rs | 41 +++-
+ crates/utils/src/suffixlist.rs | 7 +-
+ tests/Cargo.toml | 2 +-
+ tests/src/jmap/auth_oauth.rs | 6 +-
+ tests/src/jmap/mod.rs | 4 +-
+ tests/src/smtp/management/queue.rs | 2 +-
+ 32 files changed, 309 insertions(+), 88 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
-index 0eeb42510..6dd394dc3 100644
+index 21c7f726..67fe5739 100644
--- a/Cargo.lock
+++ b/Cargo.lock
-@@ -3372,6 +3372,7 @@ dependencies = [
+@@ -410,7 +410,7 @@ checksum = "412b79ce053cef36eda52c25664b45ec92a21769488e20d5a8bf0b3c9e1a28cb"
+ dependencies = [
+ "http 1.2.0",
+ "log",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "serde",
+ "serde_json",
+ "url",
+@@ -1035,6 +1035,12 @@ dependencies = [
+ "smallvec",
+ ]
+
++[[package]]
++name = "cesu8"
++version = "1.1.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
++
+ [[package]]
+ name = "cexpr"
+ version = "0.6.0"
+@@ -1250,7 +1256,7 @@ dependencies = [
+ "reqwest 0.12.12",
+ "ring 0.17.8",
+ "rsa",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pemfile 2.2.0",
+ "rustls-pki-types",
+ "serde",
+@@ -1347,6 +1353,16 @@ dependencies = [
+ "libc",
+ ]
+
++[[package]]
++name = "core-foundation"
++version = "0.10.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
++dependencies = [
++ "core-foundation-sys",
++ "libc",
++]
++
+ [[package]]
+ name = "core-foundation-sys"
+ version = "0.8.7"
+@@ -1819,7 +1835,7 @@ dependencies = [
+ "pwhash",
+ "regex",
+ "reqwest 0.12.12",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pki-types",
+ "scrypt",
+ "serde",
+@@ -3056,7 +3072,8 @@ dependencies = [
+ "http 1.2.0",
"hyper 1.6.0",
"hyper-util",
- "rustls 0.23.27",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-native-certs 0.8.1",
"rustls-pki-types",
"tokio",
- "tokio-rustls 0.26.2",
-@@ -6318,6 +6319,7 @@ dependencies = [
+ "tokio-rustls 0.26.1",
+@@ -3296,7 +3313,7 @@ dependencies = [
+ "nlp",
+ "parking_lot",
+ "rand 0.9.0",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pemfile 2.2.0",
+ "store",
+ "tokio",
+@@ -3620,6 +3637,28 @@ dependencies = [
+ "utils",
+ ]
+
++[[package]]
++name = "jni"
++version = "0.21.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "1a87aa2bb7d2af34197c04845522473242e1aa17c12f4935d5856491a7fb8c97"
++dependencies = [
++ "cesu8",
++ "cfg-if",
++ "combine",
++ "jni-sys",
++ "log",
++ "thiserror 1.0.69",
++ "walkdir",
++ "windows-sys 0.45.0",
++]
++
++[[package]]
++name = "jni-sys"
++version = "0.3.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
++
+ [[package]]
+ name = "jobserver"
+ version = "0.1.32"
+@@ -3978,7 +4017,7 @@ dependencies = [
+ "base64 0.22.1",
+ "gethostname",
+ "md5",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pki-types",
+ "smtp-proto",
+ "tokio",
+@@ -4022,7 +4061,7 @@ dependencies = [
+ "mail-send",
+ "md5",
+ "parking_lot",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pemfile 2.2.0",
+ "sieve-rs",
+ "store",
+@@ -4841,7 +4880,7 @@ dependencies = [
+ "jmap_proto",
+ "mail-parser",
+ "mail-send",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "store",
+ "tokio",
+ "tokio-rustls 0.26.1",
+@@ -5152,7 +5191,7 @@ dependencies = [
+ "quinn-proto",
+ "quinn-udp",
+ "rustc-hash 2.1.0",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "socket2",
+ "thiserror 2.0.11",
+ "tokio",
+@@ -5170,7 +5209,7 @@ dependencies = [
+ "rand 0.8.5",
+ "ring 0.17.8",
+ "rustc-hash 2.1.0",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pki-types",
+ "slab",
+ "thiserror 2.0.11",
+@@ -5452,7 +5491,7 @@ dependencies = [
+ "percent-encoding",
+ "pin-project-lite",
+ "rand 0.8.5",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-native-certs 0.7.3",
+ "rustls-pemfile 2.2.0",
+ "rustls-pki-types",
+@@ -5595,7 +5634,8 @@ dependencies = [
+ "percent-encoding",
"pin-project-lite",
"quinn",
- "rustls 0.23.27",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-native-certs 0.8.1",
"rustls-pemfile 2.2.0",
"rustls-pki-types",
"serde",
-@@ -7694,6 +7696,7 @@ dependencies = [
+@@ -5960,14 +6000,14 @@ dependencies = [
+
+ [[package]]
+ name = "rustls"
+-version = "0.23.21"
++version = "0.23.27"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
++checksum = "730944ca083c1c233a75c09f199e973ca499344a2b7ba9e755c457e86fb4a321"
+ dependencies = [
+ "once_cell",
+ "ring 0.17.8",
+ "rustls-pki-types",
+- "rustls-webpki 0.102.8",
++ "rustls-webpki 0.103.3",
+ "subtle",
+ "zeroize",
+ ]
+@@ -5981,7 +6021,7 @@ dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 1.0.4",
+ "schannel",
+- "security-framework",
++ "security-framework 2.11.1",
+ ]
+
+ [[package]]
+@@ -5994,7 +6034,19 @@ dependencies = [
+ "rustls-pemfile 2.2.0",
+ "rustls-pki-types",
+ "schannel",
+- "security-framework",
++ "security-framework 2.11.1",
++]
++
++[[package]]
++name = "rustls-native-certs"
++version = "0.8.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
++dependencies = [
++ "openssl-probe",
++ "rustls-pki-types",
++ "schannel",
++ "security-framework 3.2.0",
+ ]
+
+ [[package]]
+@@ -6024,6 +6076,33 @@ dependencies = [
+ "web-time",
+ ]
+
++[[package]]
++name = "rustls-platform-verifier"
++version = "0.5.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "19787cda76408ec5404443dc8b31795c87cd8fec49762dc75fa727740d34acc1"
++dependencies = [
++ "core-foundation 0.10.1",
++ "core-foundation-sys",
++ "jni",
++ "log",
++ "once_cell",
++ "rustls 0.23.27",
++ "rustls-native-certs 0.8.1",
++ "rustls-platform-verifier-android",
++ "rustls-webpki 0.103.3",
++ "security-framework 3.2.0",
++ "security-framework-sys",
++ "webpki-root-certs 0.26.11",
++ "windows-sys 0.59.0",
++]
++
++[[package]]
++name = "rustls-platform-verifier-android"
++version = "0.1.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
++
+ [[package]]
+ name = "rustls-webpki"
+ version = "0.101.7"
+@@ -6045,6 +6124,17 @@ dependencies = [
+ "untrusted 0.9.0",
+ ]
+
++[[package]]
++name = "rustls-webpki"
++version = "0.103.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "e4a72fe2bcf7a6ac6fd7d0b9e5cb68aeb7d4c0a0271730218b3e92d43b4eb435"
++dependencies = [
++ "ring 0.17.8",
++ "rustls-pki-types",
++ "untrusted 0.9.0",
++]
++
+ [[package]]
+ name = "rustversion"
+ version = "1.0.19"
+@@ -6169,7 +6259,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
+ dependencies = [
+ "bitflags 2.8.0",
+- "core-foundation",
++ "core-foundation 0.9.4",
++ "core-foundation-sys",
++ "libc",
++ "security-framework-sys",
++]
++
++[[package]]
++name = "security-framework"
++version = "3.2.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316"
++dependencies = [
++ "bitflags 2.8.0",
++ "core-foundation 0.10.1",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+@@ -6546,7 +6649,7 @@ dependencies = [
+ "rayon",
+ "regex",
+ "reqwest 0.12.12",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pemfile 2.2.0",
+ "rustls-pki-types",
+ "serde",
+@@ -6684,6 +6787,7 @@ dependencies = [
"serde",
"serde_json",
"tokio",
@@ -97,44 +378,236 @@ index 0eeb42510..6dd394dc3 100644
]
[[package]]
-@@ -8795,6 +8798,7 @@ dependencies = [
- "rustls 0.23.27",
+@@ -6730,7 +6834,7 @@ dependencies = [
+ "rocksdb",
+ "rusqlite",
+ "rust-s3",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pki-types",
+ "serde",
+ "serde_json",
+@@ -6861,7 +6965,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
+ dependencies = [
+ "bitflags 1.3.2",
+- "core-foundation",
++ "core-foundation 0.9.4",
+ "system-configuration-sys",
+ ]
+
+@@ -6938,7 +7042,7 @@ dependencies = [
+ "rayon",
+ "reqwest 0.12.12",
+ "ring 0.17.8",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "rustls-pemfile 2.2.0",
+ "rustls-pki-types",
+ "serde",
+@@ -7144,7 +7248,7 @@ version = "0.26.1"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37"
+ dependencies = [
+- "rustls 0.23.21",
++ "rustls 0.23.27",
+ "tokio",
+ ]
+
+@@ -7610,9 +7714,10 @@ dependencies = [
+ "regex",
+ "reqwest 0.12.12",
+ "ring 0.17.8",
+- "rustls 0.23.21",
++ "rustls 0.23.27",
"rustls-pemfile 2.2.0",
"rustls-pki-types",
+ "rustls-platform-verifier",
"serde",
"serde_json",
"smtp-proto",
+@@ -7817,6 +7922,24 @@ dependencies = [
+ "untrusted 0.9.0",
+ ]
+
++[[package]]
++name = "webpki-root-certs"
++version = "0.26.11"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "75c7f0ef91146ebfb530314f5f1d24528d7f0767efbfd31dce919275413e393e"
++dependencies = [
++ "webpki-root-certs 1.0.0",
++]
++
++[[package]]
++name = "webpki-root-certs"
++version = "1.0.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "01a83f7e1a9f8712695c03eabe9ed3fbca0feff0152f33f12593e5a6303cb1a4"
++dependencies = [
++ "rustls-pki-types",
++]
++
+ [[package]]
+ name = "webpki-roots"
+ version = "0.25.4"
+@@ -7939,6 +8062,15 @@ dependencies = [
+ "windows-targets 0.52.6",
+ ]
+
++[[package]]
++name = "windows-sys"
++version = "0.45.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
++dependencies = [
++ "windows-targets 0.42.2",
++]
++
+ [[package]]
+ name = "windows-sys"
+ version = "0.48.0"
+@@ -7966,6 +8098,21 @@ dependencies = [
+ "windows-targets 0.52.6",
+ ]
+
++[[package]]
++name = "windows-targets"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
++dependencies = [
++ "windows_aarch64_gnullvm 0.42.2",
++ "windows_aarch64_msvc 0.42.2",
++ "windows_i686_gnu 0.42.2",
++ "windows_i686_msvc 0.42.2",
++ "windows_x86_64_gnu 0.42.2",
++ "windows_x86_64_gnullvm 0.42.2",
++ "windows_x86_64_msvc 0.42.2",
++]
++
+ [[package]]
+ name = "windows-targets"
+ version = "0.48.5"
+@@ -7997,6 +8144,12 @@ dependencies = [
+ "windows_x86_64_msvc 0.52.6",
+ ]
+
++[[package]]
++name = "windows_aarch64_gnullvm"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
++
+ [[package]]
+ name = "windows_aarch64_gnullvm"
+ version = "0.48.5"
+@@ -8009,6 +8162,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
+
++[[package]]
++name = "windows_aarch64_msvc"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
++
+ [[package]]
+ name = "windows_aarch64_msvc"
+ version = "0.48.5"
+@@ -8021,6 +8180,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
+
++[[package]]
++name = "windows_i686_gnu"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
++
+ [[package]]
+ name = "windows_i686_gnu"
+ version = "0.48.5"
+@@ -8039,6 +8204,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
+
++[[package]]
++name = "windows_i686_msvc"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
++
+ [[package]]
+ name = "windows_i686_msvc"
+ version = "0.48.5"
+@@ -8051,6 +8222,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
+
++[[package]]
++name = "windows_x86_64_gnu"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
++
+ [[package]]
+ name = "windows_x86_64_gnu"
+ version = "0.48.5"
+@@ -8063,6 +8240,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
+
++[[package]]
++name = "windows_x86_64_gnullvm"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
++
+ [[package]]
+ name = "windows_x86_64_gnullvm"
+ version = "0.48.5"
+@@ -8075,6 +8258,12 @@ version = "0.52.6"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
+
++[[package]]
++name = "windows_x86_64_msvc"
++version = "0.42.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
++
+ [[package]]
+ name = "windows_x86_64_msvc"
+ version = "0.48.5"
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
-index 5573df819..719441a0c 100644
+index 878def77..d4239cdb 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
-@@ -11,9 +11,9 @@ readme = "README.md"
+@@ -11,8 +11,8 @@ readme = "README.md"
resolver = "2"
[dependencies]
-jmap-client = { version = "0.3", features = ["async"] }
--mail-parser = { version = "0.11", features = ["full_encoding", "serde"] }
--reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+-mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] }
+jmap-client = { version = "0.3", features = ["async"] }
-+mail-parser = { version = "0.11", features = ["full_encoding", "serde"] }
-+reqwest = { version = "0.12", default-features = false, features = ["http2"]}
- tokio = { version = "1.45", features = ["full"] }
++mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] }
+ reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+ tokio = { version = "1.23", features = ["full"] }
num_cpus = "1.13.1"
- clap = { version = "4.1.6", features = ["derive"] }
@@ -30,3 +30,7 @@ futures = "0.3.28"
pwhash = "1.0.0"
rand = "0.9.0"
- mail-auth = { version = "0.7" }
+ mail-auth = { version = "0.6" }
+utils.path = "../utils"
+
+[features]
+tls-native-roots = ["utils/tls-native-roots"]
diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
-index f295c217f..f62d528c5 100644
+index 1ce96eda..da52b2ba 100644
--- a/crates/cli/src/main.rs
+++ b/crates/cli/src/main.rs
-@@ -86,7 +86,7 @@ fn parse_credentials(credentials: &str) -> Credentials {
+@@ -85,7 +85,7 @@ fn parse_credentials(credentials: &str) -> Credentials {
async fn oauth(url: &str) -> Credentials {
let metadata: HashMap<String, serde_json::Value> = serde_json::from_slice(
@@ -143,7 +616,7 @@ index f295c217f..f62d528c5 100644
.danger_accept_invalid_certs(is_localhost(url))
.build()
.unwrap_or_default()
-@@ -104,7 +104,7 @@ async fn oauth(url: &str) -> Credentials {
+@@ -103,7 +103,7 @@ async fn oauth(url: &str) -> Credentials {
let mut params: HashMap<String, String> =
HashMap::from_iter([("client_id".to_string(), "Stalwart_CLI".to_string())]);
let response: HashMap<String, serde_json::Value> = serde_json::from_slice(
@@ -152,7 +625,7 @@ index f295c217f..f62d528c5 100644
.danger_accept_invalid_certs(is_localhost(url))
.build()
.unwrap_or_default()
-@@ -138,7 +138,7 @@ async fn oauth(url: &str) -> Credentials {
+@@ -137,7 +137,7 @@ async fn oauth(url: &str) -> Credentials {
std::io::stdin().lock().lines().next();
let mut response: HashMap<String, serde_json::Value> = serde_json::from_slice(
@@ -161,7 +634,7 @@ index f295c217f..f62d528c5 100644
.danger_accept_invalid_certs(is_localhost(url))
.build()
.unwrap_or_default()
-@@ -230,7 +230,7 @@ impl Client {
+@@ -229,7 +229,7 @@ impl Client {
},
url
);
@@ -171,10 +644,10 @@ index f295c217f..f62d528c5 100644
.timeout(Duration::from_secs(self.timeout.unwrap_or(60)))
.build()
diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml
-index 58028bad3..5add0a5dc 100644
+index 7c53a1db..edf72dfa 100644
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
-@@ -33,7 +33,7 @@ tokio = { version = "1.45", features = ["net", "macros"] }
+@@ -32,7 +32,7 @@ tokio = { version = "1.23", features = ["net", "macros"] }
tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
futures = "0.3"
rcgen = "0.12"
@@ -184,7 +657,7 @@ index 58028bad3..5add0a5dc 100644
serde_json = "1.0"
base64 = "0.22"
diff --git a/crates/common/src/enterprise/llm.rs b/crates/common/src/enterprise/llm.rs
-index 8338f39d3..fe013c0f0 100644
+index bc370b4b..b54cae27 100644
--- a/crates/common/src/enterprise/llm.rs
+++ b/crates/common/src/enterprise/llm.rs
@@ -125,7 +125,7 @@ impl AiApiConfig {
@@ -197,39 +670,25 @@ index 8338f39d3..fe013c0f0 100644
.danger_accept_invalid_certs(self.tls_allow_invalid_certs)
.build()
diff --git a/crates/common/src/enterprise/mod.rs b/crates/common/src/enterprise/mod.rs
-index 9fc8de495..ddaf27880 100644
+index 5eec0f98..7718bbd8 100644
--- a/crates/common/src/enterprise/mod.rs
+++ b/crates/common/src/enterprise/mod.rs
-@@ -188,12 +188,18 @@ impl Server {
+@@ -193,7 +193,9 @@ impl Server {
let mut logo = None;
if let Some(logo_url) = logo_url {
-- let response = reqwest::get(logo_url.as_str()).await.map_err(|err| {
-- trc::ResourceEvent::DownloadExternal
-- .into_err()
-- .details("Failed to download logo")
-- .reason(err)
-- })?;
+- let response = reqwest::get(&logo_url).await.map_err(|err| {
+ let response = utils::reqwest_client_builder()
+ .build()
-+ .unwrap_or_default()
-+ .get(logo_url.as_str())
-+ .send()
-+ .await
-+ .map_err(|err| {
-+ trc::ResourceEvent::DownloadExternal
-+ .into_err()
-+ .details("Failed to download logo")
-+ .reason(err)
-+ })?;
-
- let content_type = response
- .headers()
++ .unwrap_or_default().get(&logo_url).await.map_err(|err| {
+ trc::ResourceEvent::DownloadExternal
+ .into_err()
+ .details("Failed to download logo")
diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs
-index ce4b41b89..185508d1f 100644
+index c7ffdf0a..0fee0564 100644
--- a/crates/common/src/lib.rs
+++ b/crates/common/src/lib.rs
-@@ -46,6 +46,8 @@ use utils::{
+@@ -47,6 +47,8 @@ use utils::{
snowflake::SnowflakeIdGenerator,
};
@@ -238,27 +697,27 @@ index ce4b41b89..185508d1f 100644
pub mod addresses;
pub mod auth;
pub mod config;
-@@ -67,7 +69,6 @@ pub use psl;
- pub static VERSION_PRIVATE: &str = env!("CARGO_PKG_VERSION");
- pub static VERSION_PUBLIC: &str = "1.0.0";
+@@ -63,7 +65,6 @@ pub mod telemetry;
+
+ pub use psl;
--pub static USER_AGENT: &str = "Stalwart/1.0.0";
- pub static DAEMON_NAME: &str = concat!("Stalwart v", env!("CARGO_PKG_VERSION"),);
- pub static PROD_ID: &str = "-//Stalwart Labs Ltd.//Stalwart Server//EN";
+-pub static USER_AGENT: &str = concat!("Stalwart/", env!("CARGO_PKG_VERSION"),);
+ pub static DAEMON_NAME: &str = concat!("Stalwart Mail Server v", env!("CARGO_PKG_VERSION"),);
+ pub const IPC_CHANNEL_BUFFER: usize = 1024;
diff --git a/crates/common/src/listener/acme/directory.rs b/crates/common/src/listener/acme/directory.rs
-index f095e1969..6f9cfa0e0 100644
+index 6eedc5a9..7fc3c20f 100644
--- a/crates/common/src/listener/acme/directory.rs
+++ b/crates/common/src/listener/acme/directory.rs
-@@ -7,7 +7,6 @@ use super::jose::{
- };
+@@ -4,7 +4,6 @@ use std::time::Duration;
+
use base64::Engine;
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
-use hyper::header::USER_AGENT;
use rcgen::{Certificate, CustomExtension, PKCS_ECDSA_P256_SHA256};
use reqwest::header::CONTENT_TYPE;
use reqwest::{Method, Response};
-@@ -316,7 +315,7 @@ async fn https(
+@@ -315,7 +314,7 @@ async fn https(
body: Option<String>,
) -> trc::Result<Response> {
let url = url.as_ref();
@@ -267,7 +726,7 @@ index f095e1969..6f9cfa0e0 100644
.timeout(Duration::from_secs(30))
.http1_only();
-@@ -330,8 +329,7 @@ async fn https(
+@@ -329,8 +328,7 @@ async fn https(
let mut request = builder
.build()
.map_err(|err| trc::EventType::Acme(trc::AcmeEvent::Error).from_http_error(err))?
@@ -278,7 +737,7 @@ index f095e1969..6f9cfa0e0 100644
if let Some(body) = body {
request = request
diff --git a/crates/common/src/manager/mod.rs b/crates/common/src/manager/mod.rs
-index 51861a82c..a59e74b56 100644
+index 51861a82..a59e74b5 100644
--- a/crates/common/src/manager/mod.rs
+++ b/crates/common/src/manager/mod.rs
@@ -76,7 +76,7 @@ pub async fn fetch_resource(
@@ -291,7 +750,7 @@ index 51861a82c..a59e74b56 100644
.danger_accept_invalid_certs(is_localhost_url(url))
.user_agent(USER_AGENT)
diff --git a/crates/common/src/scripts/plugins/http.rs b/crates/common/src/scripts/plugins/http.rs
-index 42e2af553..54d906e17 100644
+index 6cba1fe6..8cc3250f 100644
--- a/crates/common/src/scripts/plugins/http.rs
+++ b/crates/common/src/scripts/plugins/http.rs
@@ -26,7 +26,7 @@ pub async fn exec_header(ctx: PluginContext<'_>) -> trc::Result<Variable> {
@@ -304,10 +763,10 @@ index 42e2af553..54d906e17 100644
.timeout(Duration::from_millis(timeout))
.redirect(Policy::none())
diff --git a/crates/common/src/telemetry/webhooks/mod.rs b/crates/common/src/telemetry/webhooks/mod.rs
-index a70005399..2cebfd81f 100644
+index 6207fd6c..994afae5 100644
--- a/crates/common/src/telemetry/webhooks/mod.rs
+++ b/crates/common/src/telemetry/webhooks/mod.rs
-@@ -148,7 +148,7 @@ async fn post_webhook_events(
+@@ -150,7 +150,7 @@ async fn post_webhook_events(
}
// Send request
@@ -317,10 +776,19 @@ index a70005399..2cebfd81f 100644
.danger_accept_invalid_certs(settings.tls_allow_invalid_certs)
.build()
diff --git a/crates/directory/Cargo.toml b/crates/directory/Cargo.toml
-index ae8eca025..4a033834b 100644
+index 3bff0fc5..ad3d8a01 100644
--- a/crates/directory/Cargo.toml
+++ b/crates/directory/Cargo.toml
-@@ -35,7 +35,7 @@ futures = "0.3"
+@@ -11,7 +11,7 @@ store = { path = "../store" }
+ trc = { path = "../trc" }
+ jmap_proto = { path = "../jmap-proto" }
+ smtp-proto = { version = "0.1" }
+-mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] }
++mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] }
+ mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+ mail-builder = { version = "0.4" }
+ tokio = { version = "1.23", features = ["net"] }
+@@ -34,7 +34,7 @@ futures = "0.3"
regex = "1.7.0"
serde = { version = "1.0", features = ["derive"]}
totp-rs = { version = "5.5.1", features = ["otpauth"] }
@@ -328,9 +796,9 @@ index ae8eca025..4a033834b 100644
+reqwest = { version = "0.12", default-features = false, features = ["http2"] }
serde_json = "1.0"
base64 = "0.22"
- rkyv = { version = "0.8.10", features = ["little_endian"] }
+
diff --git a/crates/directory/src/backend/oidc/lookup.rs b/crates/directory/src/backend/oidc/lookup.rs
-index 755064115..907831a46 100644
+index 49253dd3..5122ccab 100644
--- a/crates/directory/src/backend/oidc/lookup.rs
+++ b/crates/directory/src/backend/oidc/lookup.rs
@@ -36,10 +36,10 @@ impl OpenIdDirectory {
@@ -347,10 +815,10 @@ index 755064115..907831a46 100644
let client = client
.timeout(self.config.endpoint_timeout)
diff --git a/crates/jmap/Cargo.toml b/crates/jmap/Cargo.toml
-index 9d9cfa7d7..a3a7b5003 100644
+index 25643ac5..1383ae9f 100644
--- a/crates/jmap/Cargo.toml
+++ b/crates/jmap/Cargo.toml
-@@ -36,7 +36,7 @@ p256 = { version = "0.13", features = ["ecdh"] }
+@@ -38,7 +38,7 @@ p256 = { version = "0.13", features = ["ecdh"] }
hkdf = "0.12.3"
sha1 = "0.10"
sha2 = "0.10"
@@ -360,55 +828,56 @@ index 9d9cfa7d7..a3a7b5003 100644
tungstenite = "0.26"
chrono = "0.4"
diff --git a/crates/main/Cargo.toml b/crates/main/Cargo.toml
-index 1023b73bf..4b39dae29 100644
+index a5a6160c..ec737cce 100644
--- a/crates/main/Cargo.toml
+++ b/crates/main/Cargo.toml
-@@ -64,3 +64,4 @@ enterprise = [ "jmap/enterprise",
- "dav/enterprise",
- "groupware/enterprise",
- "services/enterprise" ]
+@@ -45,10 +45,11 @@ elastic = ["store/elastic"]
+ s3 = ["store/s3"]
+ redis = ["store/redis"]
+ azure = ["store/azure"]
+-enterprise = [ "jmap/enterprise",
+- "smtp/enterprise",
+- "common/enterprise",
+- "store/enterprise",
+- "managesieve/enterprise",
+- "directory/enterprise",
++enterprise = [ "jmap/enterprise",
++ "smtp/enterprise",
++ "common/enterprise",
++ "store/enterprise",
++ "managesieve/enterprise",
++ "directory/enterprise",
+ "spam-filter/enterprise" ]
+tls-native-roots = ["utils/tls-native-roots"]
-diff --git a/crates/services/Cargo.toml b/crates/services/Cargo.toml
-index 11bb76e5a..35aa0b6cb 100644
---- a/crates/services/Cargo.toml
-+++ b/crates/services/Cargo.toml
-@@ -24,7 +24,7 @@ rsa = "0.9.2"
- p256 = { version = "0.13", features = ["ecdh"] }
- hkdf = "0.12.3"
- sha2 = "0.10"
--reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
-+reqwest = { version = "0.12", default-features = false, features = ["http2"]}
- base64 = "0.22"
- compact_str = "0.9.0"
-
-diff --git a/crates/services/src/state_manager/http.rs b/crates/services/src/state_manager/http.rs
-index edd01865f..ee26b8482 100644
---- a/crates/services/src/state_manager/http.rs
-+++ b/crates/services/src/state_manager/http.rs
-@@ -63,7 +63,7 @@ pub(crate) async fn http_request(
- keys: Option<EncryptionKeys>,
- push_timeout: Duration,
- ) -> bool {
-- let client_builder = reqwest::Client::builder().timeout(push_timeout);
-+ let client_builder = utils::reqwest_client_builder().timeout(push_timeout);
-
- #[cfg(feature = "test_mode")]
- let client_builder = client_builder.danger_accept_invalid_certs(true);
diff --git a/crates/smtp/Cargo.toml b/crates/smtp/Cargo.toml
-index e4a781796..d21665c92 100644
+index e7232a5b..5618fcef 100644
--- a/crates/smtp/Cargo.toml
+++ b/crates/smtp/Cargo.toml
+@@ -22,10 +22,10 @@ spam-filter = { path = "../spam-filter" }
+ trc = { path = "../trc" }
+ mail-auth = { version = "0.6" }
+ mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+-mail-parser = { version = "0.10", features = ["full_encoding"] }
+-mail-builder = { version = "0.4" }
++mail-parser = { version = "0.10", features = ["full_encoding"] }
++mail-builder = { version = "0.4" }
+ smtp-proto = { version = "0.1", features = ["serde_support"] }
+-sieve-rs = { version = "0.6" }
++sieve-rs = { version = "0.6" }
+ ahash = { version = "0.8" }
+ rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
+ rustls-pemfile = "2.0"
@@ -47,7 +47,7 @@ blake3 = "1.3"
lru-cache = "0.1.2"
rand = "0.9.0"
- x509-parser = "0.17.0"
+ x509-parser = "0.16.0"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"] }
+reqwest = { version = "0.12", default-features = false, features = ["http2"] }
serde = { version = "1.0", features = ["derive", "rc"] }
serde_json = "1.0"
num_cpus = "1.15.0"
diff --git a/crates/smtp/src/inbound/hooks/client.rs b/crates/smtp/src/inbound/hooks/client.rs
-index 2e3a9e17c..6bfb40a63 100644
+index 2e3a9e17..6bfb40a6 100644
--- a/crates/smtp/src/inbound/hooks/client.rs
+++ b/crates/smtp/src/inbound/hooks/client.rs
@@ -13,7 +13,7 @@ pub(super) async fn send_mta_hook_request(
@@ -421,7 +890,7 @@ index 2e3a9e17c..6bfb40a63 100644
.danger_accept_invalid_certs(mta_hook.tls_allow_invalid_certs)
.build()
diff --git a/crates/smtp/src/outbound/mta_sts/lookup.rs b/crates/smtp/src/outbound/mta_sts/lookup.rs
-index c8b279c2f..10f2aafeb 100644
+index 03c5d251..45aff403 100644
--- a/crates/smtp/src/outbound/mta_sts/lookup.rs
+++ b/crates/smtp/src/outbound/mta_sts/lookup.rs
@@ -67,8 +67,7 @@ impl MtaStsLookup for Server {
@@ -435,19 +904,19 @@ index c8b279c2f..10f2aafeb 100644
.redirect(reqwest::redirect::Policy::none())
.build()?
diff --git a/crates/smtp/src/reporting/tls.rs b/crates/smtp/src/reporting/tls.rs
-index 28e9fa47b..875f395c8 100644
+index 1da29ea9..3b504b13 100644
--- a/crates/smtp/src/reporting/tls.rs
+++ b/crates/smtp/src/reporting/tls.rs
-@@ -8,7 +8,7 @@ use super::{AggregateTimestamp, SerializedSize};
- use crate::{queue::RecipientDomain, reporting::SmtpReporting};
- use ahash::AHashMap;
- use common::{
+@@ -13,7 +13,7 @@ use common::{
+ resolver::{Mode, MxPattern},
+ },
+ ipc::{TlsEvent, ToHash},
- Server, USER_AGENT,
+ Server,
- config::smtp::{
- report::AggregateFrequency,
- resolver::{Mode, MxPattern},
-@@ -142,8 +142,7 @@ impl TlsReporting for Server {
+ };
+ use mail_auth::{
+ flate2::{write::GzEncoder, Compression},
+@@ -145,8 +145,7 @@ impl TlsReporting for Server {
for uri in &rua {
match uri {
ReportUri::Http(uri) => {
@@ -458,10 +927,19 @@ index 28e9fa47b..875f395c8 100644
.build()
{
diff --git a/crates/spam-filter/Cargo.toml b/crates/spam-filter/Cargo.toml
-index f6ec739a8..5a3df8453 100644
+index 4d0e0fa8..aefd5d0f 100644
--- a/crates/spam-filter/Cargo.toml
+++ b/crates/spam-filter/Cargo.toml
-@@ -19,7 +19,7 @@ tokio = { version = "1.45", features = ["net", "macros"] }
+@@ -11,7 +11,7 @@ store = { path = "../store" }
+ trc = { path = "../trc" }
+ common = { path = "../common" }
+ smtp-proto = { version = "0.1", features = ["serde_support"] }
+-mail-parser = { version = "0.10", features = ["full_encoding"] }
++mail-parser = { version = "0.10", features = ["full_encoding"] }
+ mail-builder = { version = "0.4" }
+ mail-auth = { version = "0.6" }
+ mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+@@ -19,7 +19,7 @@ tokio = { version = "1.23", features = ["net", "macros"] }
psl = "2"
hyper = { version = "1.0.1", features = ["server", "http1", "http2"] }
idna = "1.0"
@@ -469,12 +947,12 @@ index f6ec739a8..5a3df8453 100644
+reqwest = { version = "0.12", default-features = false, features = ["http2", "stream"]}
decancer = "3.0.1"
unicode-security = "0.1.0"
- infer = "0.19"
+ infer = "0.16"
diff --git a/crates/spam-filter/src/analysis/url.rs b/crates/spam-filter/src/analysis/url.rs
-index a0d663917..e6377f13c 100644
+index c3d5f828..51a93141 100644
--- a/crates/spam-filter/src/analysis/url.rs
+++ b/crates/spam-filter/src/analysis/url.rs
-@@ -290,7 +290,7 @@ async fn http_get_header(
+@@ -289,7 +289,7 @@ async fn http_get_header(
Ok(None)
};
}
@@ -484,20 +962,20 @@ index a0d663917..e6377f13c 100644
.timeout(timeout)
.redirect(Policy::none())
diff --git a/crates/store/Cargo.toml b/crates/store/Cargo.toml
-index 1f8965049..3bd1a228c 100644
+index d89d8da1..aa1aef33 100644
--- a/crates/store/Cargo.toml
+++ b/crates/store/Cargo.toml
-@@ -16,7 +16,7 @@ async-nats = { version = "0.40", default-features = false, features = ["server_2
+@@ -15,7 +15,7 @@ rust-s3 = { version = "=0.35.0-alpha.2", default-features = false, features = ["
azure_core = { version = "0.21.0", optional = true }
azure_storage = { version = "0.21.0", default-features = false, features = ["enable_reqwest_rustls", "hmac_rust"], optional = true }
azure_storage_blobs = { version = "0.21.0", default-features = false, features = ["enable_reqwest_rustls", "hmac_rust"], optional = true }
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+reqwest = { version = "0.12", default-features = false, features = ["http2", "stream"]}
- tokio = { version = "1.45", features = ["sync", "fs", "io-util"] }
+ tokio = { version = "1.23", features = ["sync", "fs", "io-util"] }
r2d2 = { version = "0.8.10", optional = true }
futures = { version = "0.3", optional = true }
diff --git a/crates/store/src/backend/azure/mod.rs b/crates/store/src/backend/azure/mod.rs
-index 8bbaea073..fbdb03eb7 100644
+index 3b6d5be4..e91d6275 100644
--- a/crates/store/src/backend/azure/mod.rs
+++ b/crates/store/src/backend/azure/mod.rs
@@ -63,7 +63,7 @@ impl AzureStore {
@@ -510,10 +988,10 @@ index 8bbaea073..fbdb03eb7 100644
Err(err) => {
config.new_build_error(
diff --git a/crates/store/src/backend/http/lookup.rs b/crates/store/src/backend/http/lookup.rs
-index dbaa932ed..ff7cca2d8 100644
+index bb5c6104..ce7c6149 100644
--- a/crates/store/src/backend/http/lookup.rs
+++ b/crates/store/src/backend/http/lookup.rs
-@@ -91,7 +91,7 @@ impl HttpStore {
+@@ -90,7 +90,7 @@ impl HttpStore {
async fn try_refresh(&self) -> trc::Result<AHashMap<String, Value<'static>>> {
let time = Instant::now();
let agent = BROWSER_USER_AGENTS.choose(&mut rand::rng()).unwrap();
@@ -523,60 +1001,61 @@ index dbaa932ed..ff7cca2d8 100644
.user_agent(*agent)
.build()
diff --git a/crates/trc/Cargo.toml b/crates/trc/Cargo.toml
-index 61d1cd69a..22d8e6599 100644
+index 13221373..bb7b6fd8 100644
--- a/crates/trc/Cargo.toml
+++ b/crates/trc/Cargo.toml
-@@ -11,7 +11,7 @@ mail-parser = { version = "0.11", features = ["full_encoding"] }
+@@ -7,11 +7,11 @@ resolver = "2"
+ [dependencies]
+ event_macro = { path = "./event-macro" }
+ mail-auth = { version = "0.6" }
+-mail-parser = { version = "0.10", features = ["full_encoding"] }
++mail-parser = { version = "0.10", features = ["full_encoding"] }
base64 = "0.22.1"
serde = "1.0"
serde_json = "1.0.120"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+reqwest = { version = "0.12", default-features = false, features = ["http2"]}
+ bincode = "1.3.3"
rtrb = "0.3.1"
parking_lot = "0.12.3"
- tokio = { version = "1.45", features = ["net", "macros"] }
diff --git a/crates/utils/Cargo.toml b/crates/utils/Cargo.toml
-index 4766c55b5..f45780d24 100644
+index b451e742..cbd981ec 100644
--- a/crates/utils/Cargo.toml
+++ b/crates/utils/Cargo.toml
-@@ -9,6 +9,7 @@ trc = { path = "../trc" }
- rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
- rustls-pemfile = "2.0"
- rustls-pki-types = { version = "1" }
+@@ -23,6 +23,7 @@ ring = { version = "0.17" }
+ base64 = "0.22"
+ serde_json = "1.0"
+ rcgen = "0.13"
+rustls-platform-verifier = { version = "0.5.3", optional = true }
- tokio = { version = "1.45", features = ["net", "macros", "signal"] }
- tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
- serde = { version = "1.0", features = ["derive"]}
-@@ -45,6 +46,7 @@ privdrop = "0.5.3"
+ reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+ x509-parser = "0.16.0"
+ pem = "3.0"
+@@ -40,6 +41,7 @@ privdrop = "0.5.3"
[features]
test_mode = []
+tls-native-roots = ["dep:rustls-platform-verifier", "reqwest/rustls-tls-native-roots"]
[dev-dependencies]
- tokio = { version = "1.45", features = ["full"] }
+ tokio = { version = "1.23", features = ["full"] }
diff --git a/crates/utils/src/lib.rs b/crates/utils/src/lib.rs
-index 2b73df148..2efcc96d7 100644
+index acec2f04..f3c667f3 100644
--- a/crates/utils/src/lib.rs
+++ b/crates/utils/src/lib.rs
-@@ -21,14 +21,14 @@ use compact_str::ToCompactString;
- use futures::StreamExt;
+@@ -18,10 +18,11 @@ use futures::StreamExt;
use reqwest::Response;
use rustls::{
+ client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
- ClientConfig, RootCertStore, SignatureScheme,
+ ClientConfig, SignatureScheme,
- client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
};
--use rustls_pki_types::TrustAnchor;
-
- pub use downcast_rs;
- pub use erased_serde;
+ use rustls_pki_types::TrustAnchor;
+pub static USER_AGENT: &str = "Stalwart/1.0.0";
pub const BLOB_HASH_LEN: usize = 32;
- #[derive(
-@@ -294,20 +294,28 @@ pub async fn wait_for_shutdown() {
+ #[derive(Clone, Debug, Default, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
+@@ -277,20 +278,28 @@ pub async fn wait_for_shutdown() {
}
pub fn rustls_client_config(allow_invalid_certs: bool) -> ClientConfig {
@@ -587,19 +1066,14 @@ index 2b73df148..2efcc96d7 100644
if !allow_invalid_certs {
- let mut root_cert_store = RootCertStore::empty();
--
++ #[cfg(feature = "tls-native-roots")]
++ let config = config.with_platform_verifier();
+
- root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| TrustAnchor {
- subject: ta.subject.clone(),
- subject_public_key_info: ta.subject_public_key_info.clone(),
- name_constraints: ta.name_constraints.clone(),
- }));
--
-- config
-- .with_root_certificates(root_cert_store)
-- .with_no_client_auth()
-+ #[cfg(feature = "tls-native-roots")]
-+ let config = config.with_platform_verifier();
-+
+ #[cfg(not(feature = "tls-native-roots"))]
+ let config = config.with_root_certificates(
+ webpki_roots::TLS_SERVER_ROOTS
@@ -611,12 +1085,15 @@ index 2b73df148..2efcc96d7 100644
+ })
+ .collect::<rustls::RootCertStore>(),
+ );
-+
+
+- config
+- .with_root_certificates(root_cert_store)
+- .with_no_client_auth()
+ config.with_no_client_auth()
} else {
config
.dangerous()
-@@ -316,6 +324,18 @@ pub fn rustls_client_config(allow_invalid_certs: bool) -> ClientConfig {
+@@ -299,6 +308,18 @@ pub fn rustls_client_config(allow_invalid_certs: bool) -> ClientConfig {
}
}
@@ -636,7 +1113,7 @@ index 2b73df148..2efcc96d7 100644
struct DummyVerifier;
diff --git a/crates/utils/src/suffixlist.rs b/crates/utils/src/suffixlist.rs
-index e0921abe3..b53126ae9 100644
+index e0921abe..b53126ae 100644
--- a/crates/utils/src/suffixlist.rs
+++ b/crates/utils/src/suffixlist.rs
@@ -111,7 +111,12 @@ impl PublicSuffix {
@@ -654,10 +1131,10 @@ index e0921abe3..b53126ae9 100644
if r.status().is_success() {
r.bytes().await
diff --git a/tests/Cargo.toml b/tests/Cargo.toml
-index 386b8255a..68692e939 100644
+index b054e41f..1d1762d8 100644
--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
-@@ -59,7 +59,7 @@ rayon = { version = "1.5.1" }
+@@ -50,7 +50,7 @@ rayon = { version = "1.5.1" }
flate2 = { version = "1.0.17", features = ["zlib"], default-features = false }
serde = { version = "1.0", features = ["derive"]}
serde_json = "1.0"
@@ -667,10 +1144,10 @@ index 386b8255a..68692e939 100644
futures = "0.3"
ece = "2.2"
diff --git a/tests/src/jmap/auth_oauth.rs b/tests/src/jmap/auth_oauth.rs
-index 0d05d3a77..fff811fcf 100644
+index fb6f5fe8..c36654e6 100644
--- a/tests/src/jmap/auth_oauth.rs
+++ b/tests/src/jmap/auth_oauth.rs
-@@ -411,7 +411,7 @@ async fn post_bytes(
+@@ -406,7 +406,7 @@ async fn post_bytes(
auth_token: Option<&str>,
params: &AHashMap<String, String>,
) -> Bytes {
@@ -679,7 +1156,7 @@ index 0d05d3a77..fff811fcf 100644
.timeout(Duration::from_millis(500))
.danger_accept_invalid_certs(true)
.build()
-@@ -437,7 +437,7 @@ async fn post_json<D: DeserializeOwned>(
+@@ -432,7 +432,7 @@ async fn post_json<D: DeserializeOwned>(
auth_token: Option<&str>,
body: &impl Serialize,
) -> D {
@@ -688,7 +1165,7 @@ index 0d05d3a77..fff811fcf 100644
.timeout(Duration::from_millis(500))
.danger_accept_invalid_certs(true)
.build()
-@@ -473,7 +473,7 @@ async fn post_with_auth<T: DeserializeOwned>(
+@@ -468,7 +468,7 @@ async fn post_with_auth<T: DeserializeOwned>(
}
async fn get_bytes(url: &str) -> Bytes {
@@ -698,10 +1175,10 @@ index 0d05d3a77..fff811fcf 100644
.danger_accept_invalid_certs(true)
.build()
diff --git a/tests/src/jmap/mod.rs b/tests/src/jmap/mod.rs
-index 554026a00..ffd8d292a 100644
+index f44f0781..fbf22556 100644
--- a/tests/src/jmap/mod.rs
+++ b/tests/src/jmap/mod.rs
-@@ -419,7 +419,7 @@ pub async fn jmap_raw_request(body: impl AsRef<str>, username: &str, secret: &st
+@@ -700,7 +700,7 @@ pub async fn jmap_raw_request(body: impl AsRef<str>, username: &str, secret: &st
}"#;
String::from_utf8(
@@ -710,7 +1187,7 @@ index 554026a00..ffd8d292a 100644
.danger_accept_invalid_certs(true)
.timeout(Duration::from_millis(1000))
.default_headers(headers)
-@@ -620,7 +620,7 @@ impl ManagementApi {
+@@ -901,7 +901,7 @@ impl ManagementApi {
query: &str,
body: Option<String>,
) -> Result<String, String> {
@@ -720,10 +1197,10 @@ index 554026a00..ffd8d292a 100644
.danger_accept_invalid_certs(true)
.build()
diff --git a/tests/src/smtp/management/queue.rs b/tests/src/smtp/management/queue.rs
-index e86f55169..a0d144127 100644
+index 0a553b74..ed2a88d9 100644
--- a/tests/src/smtp/management/queue.rs
+++ b/tests/src/smtp/management/queue.rs
-@@ -493,7 +493,7 @@ async fn manage_queue() {
+@@ -489,7 +489,7 @@ async fn manage_queue() {
// Test authentication error
assert_eq!(
@@ -732,16 +1209,6 @@ index e86f55169..a0d144127 100644
.timeout(Duration::from_millis(500))
.danger_accept_invalid_certs(true)
.build()
-diff --git a/tests/src/webdav/mod.rs b/tests/src/webdav/mod.rs
-index 0ed8b1888..25aab71a4 100644
---- a/tests/src/webdav/mod.rs
-+++ b/tests/src/webdav/mod.rs
-@@ -302,7 +302,7 @@ impl DummyWebDavClient {
- headers: impl IntoIterator<Item = (&'static str, &str)>,
- body: impl Into<String>,
- ) -> DavResponse {
-- let mut request = reqwest::Client::builder()
-+ let mut request = utils::reqwest_client_builder()
- .timeout(Duration::from_millis(500))
- .danger_accept_invalid_certs(true)
- .build()
+--
+2.49.0
+
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-31 22:24:29 +0000