Expand description
TLS adapter for imap-rs.
Two entry points:
connect_tls— direct TLS (port 993). The connector validates the server cert against the Mozilla CA root set (webpki-roots).connect_starttls— port 143 cleartext, then upgrade to TLS via theSTARTTLScapability (RFC 3501 §6.2.1). Capabilities are re-fetched inside the encrypted channel — pre-TLS server-asserted capabilities are NEVER trusted.
Both entry points enforce a TCP-connect timeout and a TLS-handshake
timeout to prevent slowloris-style hangs. Defaults are 30 s; override
via the _with_timeouts variants.
For tests against an in-process TLS endpoint, use
handshake_with_connector with a custom TlsConnector.
Constants§
- DEFAULT_
CONNECT_ TIMEOUT - Default deadline for the TCP connect step.
- DEFAULT_
HANDSHAKE_ TIMEOUT - Default deadline for the TLS handshake step.
- DEFAULT_
PRE_ TLS_ TIMEOUT - Default deadline for any single pre-TLS request/response (greeting,
CAPABILITY,STARTTLS).
Functions§
- connect_
starttls - Connect to an IMAP server in cleartext (port 143), advertise STARTTLS, upgrade the same TCP stream to TLS, and only then begin trusting the server’s capabilities.
- connect_
starttls_ with_ timeouts - Like
connect_starttlsbut with caller-chosen timeouts. - connect_
tls - Connect over TCP and immediately perform a TLS handshake (port 993).
- connect_
tls_ with_ timeouts - Like
connect_tlsbut with caller-chosen timeouts. - default_
tls_ connector - Build a
TlsConnectorusing the Mozilla web PKI root certificates. - handshake_
with_ connector - Perform a TLS handshake on
streamand wrap the resulting TLS stream in aSession. Re-fetchesCAPABILITYso the returned session reflects the post-handshake server state. - starttls_
with_ connector - Drive the cleartext STARTTLS handshake on
stream, perform the TLS handshake, then return aSessionwhose capabilities have been re-fetched in the encrypted channel.