Prepare v0.11.18

feat: add ability to give a name to an inline attachment (#1101 )
build(deps): upgrade socket2 to v0.6 (#1098 )
2025-07-28 09:38:52 +02:00 · 2025-07-21 08:19:31 +02:00 · 2025-07-05 12:09:17 +02:00 · 2025-06-05 21:41:17 +02:00 · 2025-06-02 10:43:17 +02:00 · 2025-05-24 16:37:54 +02:00
21 changed files with 750 additions and 273 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,71 @@
+<a name="v0.11.18"></a>
+### v0.11.18 (2025-07-28)
+
+#### Features
+
+* Allow inline attachments to be named ([#1101])
+
+#### Misc
+
+* Upgrade `socket2` to v0.6 ([#1098])
+
+[#1098]: https://github.com/lettre/lettre/pull/1098
+[#1101]: https://github.com/lettre/lettre/pull/1101
+
+<a name="v0.11.17"></a>
+### v0.11.17 (2025-06-06)
+
+#### Features
+
+* Add support for `rustls-platform-verifier` ([#1081])
+
+#### Misc
+
+* Change readme example to use `Mailbox::new` instead of string parsing ([#1090])
+* Replace futures-util `Mutex` with std `Mutex` in `AsyncStubTransport` ([#1091])
+* Avoid duplicate `abort_concurrent` implementation ([#1092])
+
+[#1081]: https://github.com/lettre/lettre/pull/1081
+[#1090]: https://github.com/lettre/lettre/pull/1090
+[#1091]: https://github.com/lettre/lettre/pull/1091
+[#1092]: https://github.com/lettre/lettre/pull/1092
+
+<a name="v0.11.16"></a>
+### v0.11.16 (2025-05-12)
+
+#### Features
+
+* Always implement `Clone` for `AsyncFileTransport` ([#1075])
+
+#### Changes
+
+* `Tls`, `CertificateStore`, `TlsParameters`, `TlsParametersBuilder`, `Certificate` and `Identity`
+  are now marked as deprecated when no TLS backend is enabled. They will be properly feature gated
+  in lettre v0.12 ([#1084])
+
+#### Misc
+
+* Gate `web-time` behind `cfg(target_arch = "wasm32")]` ([#1086])
+* Add missing `#[doc(cfg(...))]` attributes ([#1086])
+* Upgrade `webpki-roots` to v1 ([#1088])
+* Cleanup internal `TlsParameters` and `(Async)NetworkStream` structures ([#1082])
+* Feature gate internal `TransportBuilder::tls` to avoid recursive call site warnings ([#1083])
+* Fix workaround for embedding cargo script in rustdoc output ([#1077])
+* Fix `clippy::io_other_error` warnings ([#1078])
+* Upgrade semver compatible dependencies ([#1076], [#1079], [#1080])
+
+[#1075]: https://github.com/lettre/lettre/pull/1075
+[#1076]: https://github.com/lettre/lettre/pull/1076
+[#1077]: https://github.com/lettre/lettre/pull/1077
+[#1078]: https://github.com/lettre/lettre/pull/1078
+[#1079]: https://github.com/lettre/lettre/pull/1079
+[#1080]: https://github.com/lettre/lettre/pull/1080
+[#1082]: https://github.com/lettre/lettre/pull/1082
+[#1083]: https://github.com/lettre/lettre/pull/1083
+[#1084]: https://github.com/lettre/lettre/pull/1084
+[#1086]: https://github.com/lettre/lettre/pull/1086
+[#1088]: https://github.com/lettre/lettre/pull/1088
+
 <a name="v0.11.15"></a>
 ### v0.11.15 (2025-03-10)

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "lettre"
 # remember to update html_root_url and README.md (Cargo.toml example and deps.rs badge)
-version = "0.11.15"
+version = "0.11.18"
 description = "Email client"
 readme = "README.md"
 homepage = "https://lettre.rs"
@@ -42,15 +42,16 @@ serde_json = { version = "1", optional = true }
 # smtp-transport
 nom = { version = "8", optional = true }
 hostname = { version = "0.4", optional = true } # feature
-socket2 = { version = "0.5.1", optional = true }
+socket2 = { version = "0.6", optional = true }
 url = { version = "2.4", optional = true }
 percent-encoding = { version = "2.3", optional = true }

 ## tls
 native-tls = { version = "0.2.9", optional = true } # feature
 rustls = { version = "0.23.18", default-features = false, features = ["logging", "std", "tls12"], optional = true }
+rustls-platform-verifier = { version = "0.6.0", optional = true }
 rustls-native-certs = { version = "0.8", optional = true }
-webpki-roots = { version = "0.26", optional = true }
+webpki-roots = { version = "1.0.0", optional = true }
 boring = { version = "4", optional = true }

 # async
@@ -73,6 +74,7 @@ sha2 = { version = "0.10", features = ["oid"], optional = true }
 rsa = { version = "0.9", optional = true }
 ed25519-dalek = { version = "2", optional = true }

+[target.'cfg(target_arch = "wasm32")'.dependencies]
 ## web-time for wasm support
 web-time = { version = "1.1.0", optional = true }

--- a/README.md
+++ b/README.md
@@ -28,8 +28,8 @@
 </div>

 <div align="center">
-  <a href="https://deps.rs/crate/lettre/0.11.15">
-    <img src="https://deps.rs/crate/lettre/0.11.15/status.svg"
+  <a href="https://deps.rs/crate/lettre/0.11.18">
+    <img src="https://deps.rs/crate/lettre/0.11.18/status.svg"
      alt="dependency status" />
  </a>
 </div>
@@ -73,9 +73,9 @@ use lettre::{Message, SmtpTransport, Transport};

 fn main() {
    let email = Message::builder()
-        .from("NoBody <nobody@domain.tld>".parse().unwrap())
-        .reply_to("Yuin <yuin@domain.tld>".parse().unwrap())
-        .to("Hei <hei@domain.tld>".parse().unwrap())
+        .from(Mailbox::new("NoBody".to_owned(), "nobody@domain.tld".parse().unwrap()))
+        .reply_to(Mailbox::new("Yuin".to_owned(), "yuin@domain.tld".parse().unwrap()))
+        .to(Mailbox::new("Hei".to_owned(), "hei@domain.tld".parse().unwrap()))
        .subject("Happy new year")
        .header(ContentType::TEXT_PLAIN)
        .body(String::from("Be happy!"))
--- a/src/address/envelope.rs
+++ b/src/address/envelope.rs
@@ -163,6 +163,7 @@ impl Envelope {
 }

 #[cfg(feature = "builder")]
+#[cfg_attr(docsrs, doc(cfg(feature = "builder")))]
 impl TryFrom<&Headers> for Envelope {
    type Error = Error;

--- a/src/lib.rs
+++ b/src/lib.rs
@@ -93,17 +93,20 @@
 //! When the `rustls` feature is enabled, one of the following verification backends
 //! MUST also be enabled.
 //!
-//! * **rustls-native-certs**: verify TLS certificates using the platform's native certificate store (see [`rustls-native-certs`])
+//! * **rustls-platform-verifier**: verify TLS certificate using the OS's native certificate store (see [`rustls-platform-verifier`])
+//! * **rustls-native-certs**: verify TLS certificates using the platform's native certificate store (see [`rustls-native-certs`]) - when in doubt use `rustls-platform-verifier`
 //! * **webpki-roots**: verify TLS certificates against Mozilla's root certificates (see [`webpki-roots`])
 //!
-//! For the `rustls-native-certs` backend to work correctly, the following packages
-//! will need to be installed in order for the build stage and the compiled program
-//! to run properly.
+//! The following packages will need to be installed in order for the build
+//! stage and the compiled program to run properly.
 //!
-//! | Distro       | Build-time packages        | Runtime packages             |
-//! | ------------ | -------------------------- | ---------------------------- |
-//! | Debian       | none                       | `ca-certificates`            |
-//! | Alpine Linux | none                       | `ca-certificates`            |
+//! | Verification backend       | Distro       | Build-time packages        | Runtime packages             |
+//! | ---------------------      | ------------ | -------------------------- | ---------------------------- |
+//! | `rustls-platform-verifier` | Debian       | none                       | `ca-certificates`            |
+//! | `rustls-platform-verifier` | Alpine Linux | none                       | `ca-certificates`            |
+//! | `rustls-native-certs`      | Debian       | none                       | `ca-certificates`            |
+//! | `rustls-native-certs`      | Alpine Linux | none                       | `ca-certificates`            |
+//! | `webpki-roots`             | any          | none                       | none                         |
 //!
 //! ### Sendmail transport
 //!
@@ -151,6 +154,7 @@
 //! [AWS-LC]: https://github.com/aws/aws-lc
 //! [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs
 //! [`ring`]: https://crates.io/crates/ring
+//! [`rustls-platform-verifier`]: https://crates.io/crates/rustls-platform-verifier
 //! [`rustls-native-certs`]: https://crates.io/crates/rustls-native-certs
 //! [`webpki-roots`]: https://crates.io/crates/webpki-roots
 //! [Tokio 1.x]: https://docs.rs/tokio/1
@@ -158,7 +162,7 @@
 //! [mime 0.3]: https://docs.rs/mime/0.3
 //! [DKIM]: https://datatracker.ietf.org/doc/html/rfc6376

-#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.15")]
+#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.18")]
 #![doc(html_favicon_url = "https://lettre.rs/favicon.ico")]
 #![doc(html_logo_url = "https://avatars0.githubusercontent.com/u/15113230?v=4")]
 #![forbid(unsafe_code)]
@@ -208,12 +212,13 @@ mod compiletime_checks {

    #[cfg(all(
        feature = "rustls",
+        not(feature = "rustls-platform-verifier"),
        not(feature = "rustls-native-certs"),
        not(feature = "webpki-roots")
    ))]
    compile_error!(
-        "feature `rustls` also requires either the `rustls-native-certs` or the `webpki-roots` feature to
-    be enabled"
+        "feature `rustls` also requires either the `rustls-platform-verifier`, the `rustls-native-certs`
+    or the `webpki-roots` feature to be enabled"
    );

    #[cfg(all(feature = "native-tls", feature = "boring-tls"))]
--- a/src/message/attachment.rs
+++ b/src/message/attachment.rs
@@ -16,7 +16,10 @@ enum Disposition {
    /// File name
    Attached(String),
    /// Content id
-    Inline(String),
+    Inline {
+        content_id: String,
+        name: Option<String>,
+    },
 }

 impl Attachment {
@@ -81,7 +84,50 @@ impl Attachment {
    /// ```
    pub fn new_inline(content_id: String) -> Self {
        Attachment {
-            disposition: Disposition::Inline(content_id),
+            disposition: Disposition::Inline {
+                content_id,
+                name: None,
+            },
+        }
+    }
+
+    /// Create a new inline attachment giving it a name
+    ///
+    /// This attachment should be displayed inline into the message
+    /// body:
+    ///
+    /// ```html
+    /// <img src="cid:123">
+    /// ```
+    ///
+    ///
+    /// ```rust
+    /// # use std::error::Error;
+    /// use std::fs;
+    ///
+    /// use lettre::message::{header::ContentType, Attachment};
+    ///
+    /// # fn main() -> Result<(), Box<dyn Error>> {
+    /// let content_id = String::from("123");
+    /// let file_name = String::from("image.jpg");
+    /// # if false {
+    /// let filebody = fs::read(&file_name)?;
+    /// # }
+    /// # let filebody = fs::read("docs/lettre.png")?;
+    /// let content_type = ContentType::parse("image/jpeg").unwrap();
+    /// let attachment =
+    ///     Attachment::new_inline_with_name(content_id, file_name).body(filebody, content_type);
+    ///
+    /// // The image `attachment` will display inline into the email.
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn new_inline_with_name(content_id: String, name: String) -> Self {
+        Attachment {
+            disposition: Disposition::Inline {
+                content_id,
+                name: Some(name),
+            },
        }
    }

@@ -95,9 +141,18 @@ impl Attachment {
            Disposition::Attached(filename) => {
                builder.header(header::ContentDisposition::attachment(&filename))
            }
-            Disposition::Inline(content_id) => builder
+            Disposition::Inline {
+                content_id,
+                name: None,
+            } => builder
                .header(header::ContentId::from(format!("<{content_id}>")))
                .header(header::ContentDisposition::inline()),
+            Disposition::Inline {
+                content_id,
+                name: Some(name),
+            } => builder
+                .header(header::ContentId::from(format!("<{content_id}>")))
+                .header(header::ContentDisposition::inline_with_name(&name)),
        };
        builder = builder.header(content_type);
        builder.body(content)
@@ -142,4 +197,24 @@ mod tests {
            )
        );
    }
+
+    #[test]
+    fn attachment_inline_with_name() {
+        let id = String::from("id");
+        let name = String::from("test");
+        let part = super::Attachment::new_inline_with_name(id, name).body(
+            String::from("Hello world!"),
+            ContentType::parse("text/plain").unwrap(),
+        );
+        assert_eq!(
+            &String::from_utf8_lossy(&part.formatted()),
+            concat!(
+                "Content-ID: <id>\r\n",
+                "Content-Disposition: inline; filename=\"test\"\r\n",
+                "Content-Type: text/plain\r\n",
+                "Content-Transfer-Encoding: 7bit\r\n\r\n",
+                "Hello world!\r\n"
+            )
+        );
+    }
 }
--- a/src/time.rs
+++ b/src/time.rs
@@ -1,6 +1,6 @@
 use std::time::SystemTime;

-#[cfg(feature = "web")]
+#[cfg(all(feature = "web", target_arch = "wasm32"))]
 pub(crate) fn now() -> SystemTime {
    fn to_std_systemtime(time: web_time::SystemTime) -> std::time::SystemTime {
        let duration = time
@@ -18,7 +18,7 @@ pub(crate) fn now() -> SystemTime {
    to_std_systemtime(web_time::SystemTime::now())
 }

-#[cfg(not(feature = "web"))]
+#[cfg(not(all(feature = "web", target_arch = "wasm32")))]
 pub(crate) fn now() -> SystemTime {
    // FIXME: change to #[expect(clippy::disallowed_methods, reason = "the `web` feature is disabled")]
    #[allow(clippy::disallowed_methods)]
--- a/src/transport/file/error.rs
+++ b/src/transport/file/error.rs
@@ -34,6 +34,7 @@ impl Error {

    /// Returns true if the error is an envelope serialization or deserialization error
    #[cfg(feature = "file-transport-envelope")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "file-transport-envelope")))]
    pub fn is_envelope(&self) -> bool {
        matches!(self.inner.kind, Kind::Envelope)
    }
--- a/src/transport/file/mod.rs
+++ b/src/transport/file/mod.rs
@@ -173,7 +173,7 @@ pub struct FileTransport {
 }

 /// Asynchronously writes the content and the envelope information to a file
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
 #[cfg_attr(docsrs, doc(cfg(any(feature = "tokio1", feature = "async-std1"))))]
 #[cfg(any(feature = "async-std1", feature = "tokio1"))]
@@ -199,6 +199,7 @@ impl FileTransport {
    /// Writes the email content in eml format and the envelope
    /// in json format.
    #[cfg(feature = "file-transport-envelope")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "file-transport-envelope")))]
    pub fn with_envelope<P: AsRef<Path>>(path: P) -> FileTransport {
        FileTransport {
            path: PathBuf::from(path.as_ref()),
@@ -211,6 +212,7 @@ impl FileTransport {
    ///
    /// Reads the envelope and the raw message content.
    #[cfg(feature = "file-transport-envelope")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "file-transport-envelope")))]
    pub fn read(&self, email_id: &str) -> Result<(Envelope, Vec<u8>), Error> {
        use std::fs;

@@ -249,6 +251,7 @@ where
    /// Writes the email content in eml format and the envelope
    /// in json format.
    #[cfg(feature = "file-transport-envelope")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "file-transport-envelope")))]
    pub fn with_envelope<P: AsRef<Path>>(path: P) -> Self {
        Self {
            inner: FileTransport::with_envelope(path),
@@ -260,6 +263,7 @@ where
    ///
    /// Reads the envelope and the raw message content.
    #[cfg(feature = "file-transport-envelope")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "file-transport-envelope")))]
    pub async fn read(&self, email_id: &str) -> Result<(Envelope, Vec<u8>), Error> {
        let eml_file = self.inner.path.join(format!("{email_id}.eml"));
        let eml = E::fs_read(&eml_file).await.map_err(error::io)?;
@@ -272,6 +276,16 @@ where
    }
 }

+#[cfg(any(feature = "async-std1", feature = "tokio1"))]
+impl<E: Executor> Clone for AsyncFileTransport<E> {
+    fn clone(&self) -> Self {
+        Self {
+            inner: self.inner.clone(),
+            marker_: PhantomData,
+        }
+    }
+}
+
 impl Transport for FileTransport {
    type Ok = Id;
    type Error = Error;
--- a/src/transport/smtp/async_transport.rs
+++ b/src/transport/smtp/async_transport.rs
@@ -234,7 +234,7 @@ where
    /// a proper URL encoder, like the following cargo script:
    ///
    /// ```rust
-    /// # let _ = r#"
+    /// # const TOML: &str = r#"
    /// #!/usr/bin/env cargo
    ///
    /// //! ```cargo
--- a/src/transport/smtp/authentication.rs
+++ b/src/transport/smtp/authentication.rs
@@ -19,9 +19,6 @@ pub struct Credentials {

 impl Credentials {
    /// Create a `Credentials` struct from username and password
-    ///
-    /// When using [`Mechanism::Xoauth2`], `password` is the raw
-    /// bearer access token.
    pub fn new(username: String, password: String) -> Credentials {
        Credentials {
            authentication_identity: username,
--- a/src/transport/smtp/client/async_connection.rs
+++ b/src/transport/smtp/client/async_connection.rs
@@ -54,6 +54,7 @@ impl AsyncSmtpConnection {
    ///
    /// Sends EHLO and parses server information
    #[cfg(feature = "tokio1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "tokio1")))]
    pub async fn connect_with_transport(
        stream: Box<dyn AsyncTokioStream>,
        hello_name: &ClientId,
@@ -94,6 +95,7 @@ impl AsyncSmtpConnection {
    /// # }
    /// ```
    #[cfg(feature = "tokio1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "tokio1")))]
    pub async fn connect_tokio1<T: tokio1_crate::net::ToSocketAddrs>(
        server: T,
        timeout: Option<Duration>,
@@ -112,6 +114,7 @@ impl AsyncSmtpConnection {
    ///
    /// Sends EHLO and parses server information
    #[cfg(feature = "async-std1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "async-std1")))]
    pub async fn connect_asyncstd1<T: async_std::net::ToSocketAddrs>(
        server: T,
        timeout: Option<Duration>,
@@ -376,6 +379,10 @@ impl AsyncSmtpConnection {

    /// The X509 certificate of the server (DER encoded)
    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+    )]
    pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
        self.stream.get_ref().peer_certificate()
    }
@@ -392,12 +399,14 @@ impl AsyncSmtpConnection {
    /// as the TLSA records match the leaf or issuer certificates.
    /// It cannot be called on non Boring TLS streams.
    #[cfg(feature = "boring-tls")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
    pub fn tls_verify_result(&self) -> Result<(), Error> {
        self.stream.get_ref().tls_verify_result()
    }

    /// All the X509 certificates of the chain (DER encoded)
    #[cfg(any(feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(docsrs, doc(cfg(any(feature = "rustls", feature = "boring-tls"))))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        self.stream.get_ref().certificate_chain()
    }
--- a/src/transport/smtp/client/async_net.rs
+++ b/src/transport/smtp/client/async_net.rs
@@ -9,11 +9,11 @@ use std::{
 #[cfg(feature = "async-std1")]
 use async_std::net::{TcpStream as AsyncStd1TcpStream, ToSocketAddrs as AsyncStd1ToSocketAddrs};
 use futures_io::{
-    AsyncRead as FuturesAsyncRead, AsyncWrite as FuturesAsyncWrite, Error as IoError, ErrorKind,
+    AsyncRead as FuturesAsyncRead, AsyncWrite as FuturesAsyncWrite, Error as IoError,
    Result as IoResult,
 };
 #[cfg(feature = "async-std1-rustls")]
-use futures_rustls::client::TlsStream as AsyncStd1RustlsTlsStream;
+use futures_rustls::client::TlsStream as AsyncStd1RustlsStream;
 #[cfg(any(feature = "tokio1-rustls", feature = "async-std1-rustls"))]
 use rustls::pki_types::ServerName;
 #[cfg(feature = "tokio1-boring-tls")]
@@ -28,7 +28,7 @@ use tokio1_crate::net::{
 #[cfg(feature = "tokio1-native-tls")]
 use tokio1_native_tls_crate::TlsStream as Tokio1TlsStream;
 #[cfg(feature = "tokio1-rustls")]
-use tokio1_rustls::client::TlsStream as Tokio1RustlsTlsStream;
+use tokio1_rustls::client::TlsStream as Tokio1RustlsStream;

 #[cfg(any(
    feature = "tokio1-native-tls",
@@ -79,7 +79,7 @@ enum InnerAsyncNetworkStream {
    Tokio1NativeTls(Tokio1TlsStream<Box<dyn AsyncTokioStream>>),
    /// Encrypted Tokio 1.x TCP stream
    #[cfg(feature = "tokio1-rustls")]
-    Tokio1RustlsTls(Tokio1RustlsTlsStream<Box<dyn AsyncTokioStream>>),
+    Tokio1Rustls(Tokio1RustlsStream<Box<dyn AsyncTokioStream>>),
    /// Encrypted Tokio 1.x TCP stream
    #[cfg(feature = "tokio1-boring-tls")]
    Tokio1BoringTls(Tokio1SslStream<Box<dyn AsyncTokioStream>>),
@@ -88,7 +88,7 @@ enum InnerAsyncNetworkStream {
    AsyncStd1Tcp(AsyncStd1TcpStream),
    /// Encrypted Tokio 1.x TCP stream
    #[cfg(feature = "async-std1-rustls")]
-    AsyncStd1RustlsTls(AsyncStd1RustlsTlsStream<AsyncStd1TcpStream>),
+    AsyncStd1Rustls(AsyncStd1RustlsStream<AsyncStd1TcpStream>),
    /// Can't be built
    None,
 }
@@ -113,17 +113,16 @@ impl AsyncNetworkStream {
                s.get_ref().get_ref().get_ref().peer_addr()
            }
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(s) => s.get_ref().0.peer_addr(),
+            InnerAsyncNetworkStream::Tokio1Rustls(s) => s.get_ref().0.peer_addr(),
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(s) => s.get_ref().peer_addr(),
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(s) => s.peer_addr(),
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => s.get_ref().0.peer_addr(),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(s) => s.get_ref().0.peer_addr(),
            InnerAsyncNetworkStream::None => {
                debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
-                Err(IoError::new(
-                    ErrorKind::Other,
+                Err(IoError::other(
                    "InnerAsyncNetworkStream::None must never be built",
                ))
            }
@@ -131,11 +130,13 @@ impl AsyncNetworkStream {
    }

    #[cfg(feature = "tokio1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "tokio1")))]
    pub fn use_existing_tokio1(stream: Box<dyn AsyncTokioStream>) -> AsyncNetworkStream {
        AsyncNetworkStream::new(InnerAsyncNetworkStream::Tokio1Tcp(stream))
    }

    #[cfg(feature = "tokio1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "tokio1")))]
    pub async fn connect_tokio1<T: Tokio1ToSocketAddrs>(
        server: T,
        timeout: Option<Duration>,
@@ -202,6 +203,7 @@ impl AsyncNetworkStream {
    }

    #[cfg(feature = "async-std1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "async-std1")))]
    pub async fn connect_asyncstd1<T: AsyncStd1ToSocketAddrs>(
        server: T,
        timeout: Option<Duration>,
@@ -321,7 +323,7 @@ impl AsyncNetworkStream {

        match tls_parameters.connector {
            #[cfg(feature = "native-tls")]
-            InnerTlsParameters::NativeTls(connector) => {
+            InnerTlsParameters::NativeTls { connector } => {
                #[cfg(not(feature = "tokio1-native-tls"))]
                panic!("built without the tokio1-native-tls feature");

@@ -338,7 +340,7 @@ impl AsyncNetworkStream {
                };
            }
            #[cfg(feature = "rustls")]
-            InnerTlsParameters::RustlsTls(config) => {
+            InnerTlsParameters::Rustls { config } => {
                #[cfg(not(feature = "tokio1-rustls"))]
                panic!("built without the tokio1-rustls feature");

@@ -354,18 +356,21 @@ impl AsyncNetworkStream {
                        .connect(domain.to_owned(), tcp_stream)
                        .await
                        .map_err(error::connection)?;
-                    Ok(InnerAsyncNetworkStream::Tokio1RustlsTls(stream))
+                    Ok(InnerAsyncNetworkStream::Tokio1Rustls(stream))
                };
            }
            #[cfg(feature = "boring-tls")]
-            InnerTlsParameters::BoringTls(connector) => {
+            InnerTlsParameters::BoringTls {
+                connector,
+                accept_invalid_hostnames,
+            } => {
                #[cfg(not(feature = "tokio1-boring-tls"))]
                panic!("built without the tokio1-boring-tls feature");

                #[cfg(feature = "tokio1-boring-tls")]
                return {
                    let mut config = connector.configure().map_err(error::connection)?;
-                    config.set_verify_hostname(tls_parameters.accept_invalid_hostnames);
+                    config.set_verify_hostname(accept_invalid_hostnames);

                    let stream = tokio1_boring::connect(config, &domain, tcp_stream)
                        .await
@@ -386,11 +391,11 @@ impl AsyncNetworkStream {

        match tls_parameters.connector {
            #[cfg(feature = "native-tls")]
-            InnerTlsParameters::NativeTls(connector) => {
+            InnerTlsParameters::NativeTls { connector } => {
                panic!("native-tls isn't supported with async-std yet. See https://github.com/lettre/lettre/pull/531#issuecomment-757893531");
            }
            #[cfg(feature = "rustls")]
-            InnerTlsParameters::RustlsTls(config) => {
+            InnerTlsParameters::Rustls { config } => {
                #[cfg(not(feature = "async-std1-rustls"))]
                panic!("built without the async-std1-rustls feature");

@@ -406,11 +411,11 @@ impl AsyncNetworkStream {
                        .connect(domain.to_owned(), tcp_stream)
                        .await
                        .map_err(error::connection)?;
-                    Ok(InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream))
+                    Ok(InnerAsyncNetworkStream::AsyncStd1Rustls(stream))
                };
            }
            #[cfg(feature = "boring-tls")]
-            InnerTlsParameters::BoringTls(connector) => {
+            InnerTlsParameters::BoringTls { .. } => {
                panic!("boring-tls isn't supported with async-std yet.");
            }
        }
@@ -423,18 +428,19 @@ impl AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(_) => true,
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(_) => true,
+            InnerAsyncNetworkStream::Tokio1Rustls(_) => true,
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(_) => true,
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(_) => false,
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => true,
+            InnerAsyncNetworkStream::AsyncStd1Rustls(_) => true,
            InnerAsyncNetworkStream::None => false,
        }
    }

    #[cfg(feature = "boring-tls")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
    pub fn tls_verify_result(&self) -> Result<(), Error> {
        match &self.inner {
            #[cfg(feature = "tokio1")]
@@ -444,7 +450,7 @@ impl AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(_) => panic!("Unsupported"),
+            InnerAsyncNetworkStream::Tokio1Rustls(_) => panic!("Unsupported"),
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(stream) => {
                stream.ssl().verify_result().map_err(error::tls)
@@ -454,10 +460,11 @@ impl AsyncNetworkStream {
                Err(error::client("Connection is not encrypted"))
            }
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => panic!("Unsupported"),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(_) => panic!("Unsupported"),
            InnerAsyncNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
        }
    }
+
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        match &self.inner {
            #[cfg(feature = "tokio1")]
@@ -467,7 +474,7 @@ impl AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(stream) => Ok(stream
+            InnerAsyncNetworkStream::Tokio1Rustls(stream) => Ok(stream
                .get_ref()
                .1
                .peer_certificates()
@@ -488,7 +495,7 @@ impl AsyncNetworkStream {
                Err(error::client("Connection is not encrypted"))
            }
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
+            InnerAsyncNetworkStream::AsyncStd1Rustls(stream) => Ok(stream
                .get_ref()
                .1
                .peer_certificates()
@@ -515,7 +522,7 @@ impl AsyncNetworkStream {
                .to_der()
                .map_err(error::tls)?),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(stream) => Ok(stream
+            InnerAsyncNetworkStream::Tokio1Rustls(stream) => Ok(stream
                .get_ref()
                .1
                .peer_certificates()
@@ -535,7 +542,7 @@ impl AsyncNetworkStream {
                Err(error::client("Connection is not encrypted"))
            }
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
+            InnerAsyncNetworkStream::AsyncStd1Rustls(stream) => Ok(stream
                .get_ref()
                .1
                .peer_certificates()
@@ -575,7 +582,7 @@ impl FuturesAsyncRead for AsyncNetworkStream {
                }
            }
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(s) => {
+            InnerAsyncNetworkStream::Tokio1Rustls(s) => {
                let mut b = Tokio1ReadBuf::new(buf);
                match Pin::new(s).poll_read(cx, &mut b) {
                    Poll::Ready(Ok(())) => Poll::Ready(Ok(b.filled().len())),
@@ -595,7 +602,7 @@ impl FuturesAsyncRead for AsyncNetworkStream {
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_read(cx, buf),
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_read(cx, buf),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(s) => Pin::new(s).poll_read(cx, buf),
            InnerAsyncNetworkStream::None => {
                debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
                Poll::Ready(Ok(0))
@@ -617,13 +624,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_write(cx, buf),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_write(cx, buf),
+            InnerAsyncNetworkStream::Tokio1Rustls(s) => Pin::new(s).poll_write(cx, buf),
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_write(cx, buf),
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_write(cx, buf),
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_write(cx, buf),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(s) => Pin::new(s).poll_write(cx, buf),
            InnerAsyncNetworkStream::None => {
                debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
                Poll::Ready(Ok(0))
@@ -638,13 +645,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_flush(cx),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_flush(cx),
+            InnerAsyncNetworkStream::Tokio1Rustls(s) => Pin::new(s).poll_flush(cx),
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_flush(cx),
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_flush(cx),
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_flush(cx),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(s) => Pin::new(s).poll_flush(cx),
            InnerAsyncNetworkStream::None => {
                debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
                Poll::Ready(Ok(()))
@@ -659,13 +666,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
            #[cfg(feature = "tokio1-native-tls")]
            InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_shutdown(cx),
            #[cfg(feature = "tokio1-rustls")]
-            InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_shutdown(cx),
+            InnerAsyncNetworkStream::Tokio1Rustls(s) => Pin::new(s).poll_shutdown(cx),
            #[cfg(feature = "tokio1-boring-tls")]
            InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_shutdown(cx),
            #[cfg(feature = "async-std1")]
            InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_close(cx),
            #[cfg(feature = "async-std1-rustls")]
-            InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_close(cx),
+            InnerAsyncNetworkStream::AsyncStd1Rustls(s) => Pin::new(s).poll_close(cx),
            InnerAsyncNetworkStream::None => {
                debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
                Poll::Ready(Ok(()))
--- a/src/transport/smtp/client/connection.rs
+++ b/src/transport/smtp/client/connection.rs
@@ -300,6 +300,10 @@ impl SmtpConnection {

    /// The X509 certificate of the server (DER encoded)
    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+    )]
    pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
        self.stream.get_ref().peer_certificate()
    }
@@ -316,12 +320,14 @@ impl SmtpConnection {
    /// as the TLSA records match the leaf or issuer certificates.
    /// It cannot be called on non Boring TLS streams.
    #[cfg(feature = "boring-tls")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
    pub fn tls_verify_result(&self) -> Result<(), Error> {
        self.stream.get_ref().tls_verify_result()
    }

    /// All the X509 certificates of the chain (DER encoded)
    #[cfg(any(feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(docsrs, doc(cfg(any(feature = "rustls", feature = "boring-tls"))))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        self.stream.get_ref().certificate_chain()
    }
--- a/src/transport/smtp/client/net.rs
+++ b/src/transport/smtp/client/net.rs
@@ -37,7 +37,7 @@ enum InnerNetworkStream {
    NativeTls(TlsStream<TcpStream>),
    /// Encrypted TCP stream
    #[cfg(feature = "rustls")]
-    RustlsTls(StreamOwned<ClientConnection, TcpStream>),
+    Rustls(StreamOwned<ClientConnection, TcpStream>),
    #[cfg(feature = "boring-tls")]
    BoringTls(SslStream<TcpStream>),
    /// Can't be built
@@ -60,7 +60,7 @@ impl NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(s) => s.get_ref().peer_addr(),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(s) => s.get_ref().peer_addr(),
+            InnerNetworkStream::Rustls(s) => s.get_ref().peer_addr(),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(s) => s.get_ref().peer_addr(),
            InnerNetworkStream::None => {
@@ -80,7 +80,7 @@ impl NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(s) => s.get_ref().shutdown(how),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(s) => s.get_ref().shutdown(how),
+            InnerNetworkStream::Rustls(s) => s.get_ref().shutdown(how),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(s) => s.get_ref().shutdown(how),
            InnerNetworkStream::None => {
@@ -174,27 +174,30 @@ impl NetworkStream {
    ) -> Result<InnerNetworkStream, Error> {
        Ok(match &tls_parameters.connector {
            #[cfg(feature = "native-tls")]
-            InnerTlsParameters::NativeTls(connector) => {
+            InnerTlsParameters::NativeTls { connector } => {
                let stream = connector
                    .connect(tls_parameters.domain(), tcp_stream)
                    .map_err(error::connection)?;
                InnerNetworkStream::NativeTls(stream)
            }
            #[cfg(feature = "rustls")]
-            InnerTlsParameters::RustlsTls(connector) => {
+            InnerTlsParameters::Rustls { config } => {
                let domain = ServerName::try_from(tls_parameters.domain())
                    .map_err(|_| error::connection("domain isn't a valid DNS name"))?;
-                let connection = ClientConnection::new(Arc::clone(connector), domain.to_owned())
+                let connection = ClientConnection::new(Arc::clone(config), domain.to_owned())
                    .map_err(error::connection)?;
                let stream = StreamOwned::new(connection, tcp_stream);
-                InnerNetworkStream::RustlsTls(stream)
+                InnerNetworkStream::Rustls(stream)
            }
            #[cfg(feature = "boring-tls")]
-            InnerTlsParameters::BoringTls(connector) => {
+            InnerTlsParameters::BoringTls {
+                connector,
+                accept_invalid_hostnames,
+            } => {
                let stream = connector
                    .configure()
                    .map_err(error::connection)?
-                    .verify_hostname(tls_parameters.accept_invalid_hostnames)
+                    .verify_hostname(*accept_invalid_hostnames)
                    .connect(tls_parameters.domain(), tcp_stream)
                    .map_err(error::connection)?;
                InnerNetworkStream::BoringTls(stream)
@@ -208,7 +211,7 @@ impl NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(_) => true,
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(_) => true,
+            InnerNetworkStream::Rustls(_) => true,
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(_) => true,
            InnerNetworkStream::None => {
@@ -219,13 +222,14 @@ impl NetworkStream {
    }

    #[cfg(feature = "boring-tls")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
    pub fn tls_verify_result(&self) -> Result<(), Error> {
        match &self.inner {
            InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(_) => panic!("Unsupported"),
+            InnerNetworkStream::Rustls(_) => panic!("Unsupported"),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(stream) => {
                stream.ssl().verify_result().map_err(error::tls)
@@ -235,13 +239,14 @@ impl NetworkStream {
    }

    #[cfg(any(feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(docsrs, doc(cfg(any(feature = "rustls", feature = "boring-tls"))))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        match &self.inner {
            InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(stream) => Ok(stream
+            InnerNetworkStream::Rustls(stream) => Ok(stream
                .conn
                .peer_certificates()
                .unwrap()
@@ -261,6 +266,10 @@ impl NetworkStream {
    }

    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+    )]
    pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
        match &self.inner {
            InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
@@ -272,7 +281,7 @@ impl NetworkStream {
                .to_der()
                .map_err(error::tls)?),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(stream) => Ok(stream
+            InnerNetworkStream::Rustls(stream) => Ok(stream
                .conn
                .peer_certificates()
                .unwrap()
@@ -296,7 +305,7 @@ impl NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(stream) => stream.get_ref().set_read_timeout(duration),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(stream) => stream.get_ref().set_read_timeout(duration),
+            InnerNetworkStream::Rustls(stream) => stream.get_ref().set_read_timeout(duration),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(stream) => stream.get_ref().set_read_timeout(duration),
            InnerNetworkStream::None => {
@@ -314,7 +323,7 @@ impl NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(stream) => stream.get_ref().set_write_timeout(duration),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(stream) => stream.get_ref().set_write_timeout(duration),
+            InnerNetworkStream::Rustls(stream) => stream.get_ref().set_write_timeout(duration),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(stream) => stream.get_ref().set_write_timeout(duration),
            InnerNetworkStream::None => {
@@ -332,7 +341,7 @@ impl Read for NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(s) => s.read(buf),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(s) => s.read(buf),
+            InnerNetworkStream::Rustls(s) => s.read(buf),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(s) => s.read(buf),
            InnerNetworkStream::None => {
@@ -350,7 +359,7 @@ impl Write for NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(s) => s.write(buf),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(s) => s.write(buf),
+            InnerNetworkStream::Rustls(s) => s.write(buf),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(s) => s.write(buf),
            InnerNetworkStream::None => {
@@ -366,7 +375,7 @@ impl Write for NetworkStream {
            #[cfg(feature = "native-tls")]
            InnerNetworkStream::NativeTls(s) => s.flush(),
            #[cfg(feature = "rustls")]
-            InnerNetworkStream::RustlsTls(s) => s.flush(),
+            InnerNetworkStream::Rustls(s) => s.flush(),
            #[cfg(feature = "boring-tls")]
            InnerNetworkStream::BoringTls(s) => s.flush(),
            InnerNetworkStream::None => {
--- a/src/transport/smtp/client/tls.rs
+++ b/src/transport/smtp/client/tls.rs
@@ -65,6 +65,16 @@ pub enum TlsVersion {
 /// connecting to a local server.
 #[derive(Clone)]
 #[allow(missing_copy_implementations)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `Tls` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub enum Tls {
    /// Insecure (plaintext) connection only.
    ///
@@ -138,14 +148,25 @@ impl Debug for Tls {
 /// Source for the base set of root certificates to trust.
 #[allow(missing_copy_implementations)]
 #[derive(Clone, Debug, Default)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `CertificateStore` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub enum CertificateStore {
    /// Use the default for the TLS backend.
    ///
    /// For native-tls, this will use the system certificate store on Windows, the keychain on
    /// macOS, and OpenSSL directories on Linux (usually `/etc/ssl`).
    ///
-    /// For rustls, this will also use the system store if the `rustls-native-certs` feature is
-    /// enabled, or will fall back to `webpki-roots`.
+    /// For rustls, this will use the system certificate verifier if the `rustls-platform-verifier`
+    /// feature is enabled. If the `rustls-native-certs` feature is enabled, system certificate
+    /// store will be used. Otherwise, it will fall back to `webpki-roots`.
    ///
    /// The boring-tls backend uses the same logic as OpenSSL on all platforms.
    #[default]
@@ -161,16 +182,34 @@ pub enum CertificateStore {

 /// Parameters to use for secure clients
 #[derive(Clone)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `TlsParameters` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub struct TlsParameters {
    pub(crate) connector: InnerTlsParameters,
    /// The domain name which is expected in the TLS certificate from the server
    pub(super) domain: String,
-    #[cfg(feature = "boring-tls")]
-    pub(super) accept_invalid_hostnames: bool,
 }

 /// Builder for `TlsParameters`
 #[derive(Debug, Clone)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `TlsParametersBuilder` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub struct TlsParametersBuilder {
    domain: String,
    cert_store: CertificateStore,
@@ -221,6 +260,8 @@ impl TlsParametersBuilder {

    /// Controls whether certificates with an invalid hostname are accepted
    ///
+    /// This option is silently disabled when using `rustls-platform-verifier`.
+    ///
    /// Defaults to `false`.
    ///
    /// # Warning
@@ -244,6 +285,10 @@ impl TlsParametersBuilder {
    ///
    /// Defaults to [`Tlsv12`][TlsVersion::Tlsv12].
    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+    )]
    pub fn set_min_tls_version(mut self, min_tls_version: TlsVersion) -> Self {
        self.min_tls_version = min_tls_version;
        self
@@ -328,10 +373,8 @@ impl TlsParametersBuilder {

        let connector = tls_builder.build().map_err(error::tls)?;
        Ok(TlsParameters {
-            connector: InnerTlsParameters::NativeTls(connector),
+            connector: InnerTlsParameters::NativeTls { connector },
            domain: self.domain,
-            #[cfg(feature = "boring-tls")]
-            accept_invalid_hostnames: self.accept_invalid_hostnames,
        })
    }

@@ -389,9 +432,11 @@ impl TlsParametersBuilder {
            .map_err(error::tls)?;
        let connector = tls_builder.build();
        Ok(TlsParameters {
-            connector: InnerTlsParameters::BoringTls(connector),
-            domain: self.domain,
+            connector: InnerTlsParameters::BoringTls {
+                connector,
                accept_invalid_hostnames: self.accept_invalid_hostnames,
+            },
+            domain: self.domain,
        })
    }

@@ -419,7 +464,10 @@ impl TlsParametersBuilder {
        // Build TLS config
        let mut root_cert_store = RootCertStore::empty();

-        #[cfg(feature = "rustls-native-certs")]
+        #[cfg(all(
+            not(feature = "rustls-platform-verifier"),
+            feature = "rustls-native-certs"
+        ))]
        fn load_native_roots(store: &mut RootCertStore) {
            let rustls_native_certs::CertificateResult { certs, errors, .. } =
                rustls_native_certs::load_native_certs();
@@ -439,11 +487,26 @@ impl TlsParametersBuilder {
            store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
        }

+        #[cfg_attr(not(feature = "rustls-platform-verifier"), allow(unused_mut))]
+        let mut extra_roots = None::<Vec<CertificateDer<'static>>>;
        match self.cert_store {
            CertificateStore::Default => {
-                #[cfg(feature = "rustls-native-certs")]
+                #[cfg(feature = "rustls-platform-verifier")]
+                {
+                    extra_roots = Some(Vec::new());
+                }
+
+                #[cfg(all(
+                    not(feature = "rustls-platform-verifier"),
+                    feature = "rustls-native-certs"
+                ))]
                load_native_roots(&mut root_cert_store);
-                #[cfg(all(not(feature = "rustls-native-certs"), feature = "webpki-roots"))]
+
+                #[cfg(all(
+                    not(feature = "rustls-platform-verifier"),
+                    not(feature = "rustls-native-certs"),
+                    feature = "webpki-roots"
+                ))]
                load_webpki_roots(&mut root_cert_store);
            }
            #[cfg(all(feature = "rustls", feature = "webpki-roots"))]
@@ -454,11 +517,17 @@ impl TlsParametersBuilder {
        }
        for cert in self.root_certs {
            for rustls_cert in cert.rustls {
+                #[cfg(feature = "rustls-platform-verifier")]
+                if let Some(extra_roots) = &mut extra_roots {
+                    extra_roots.push(rustls_cert.clone());
+                }
                root_cert_store.add(rustls_cert).map_err(error::tls)?;
            }
        }

-        let tls = if self.accept_invalid_certs || self.accept_invalid_hostnames {
+        let tls = if self.accept_invalid_certs
+            || (extra_roots.is_none() && self.accept_invalid_hostnames)
+        {
            let verifier = InvalidCertsVerifier {
                ignore_invalid_hostnames: self.accept_invalid_hostnames,
                ignore_invalid_certs: self.accept_invalid_certs,
@@ -467,8 +536,24 @@ impl TlsParametersBuilder {
            };
            tls.dangerous()
                .with_custom_certificate_verifier(Arc::new(verifier))
+        } else {
+            #[cfg(feature = "rustls-platform-verifier")]
+            if let Some(extra_roots) = extra_roots {
+                tls.dangerous().with_custom_certificate_verifier(Arc::new(
+                    rustls_platform_verifier::Verifier::new_with_extra_roots(
+                        extra_roots,
+                        crypto_provider,
+                    )
+                    .map_err(error::tls)?,
+                ))
            } else {
                tls.with_root_certificates(root_cert_store)
+            }
+
+            #[cfg(not(feature = "rustls-platform-verifier"))]
+            {
+                tls.with_root_certificates(root_cert_store)
+            }
        };

        let tls = if let Some(identity) = self.identity {
@@ -480,10 +565,10 @@ impl TlsParametersBuilder {
        };

        Ok(TlsParameters {
-            connector: InnerTlsParameters::RustlsTls(Arc::new(tls)),
+            connector: InnerTlsParameters::Rustls {
+                config: Arc::new(tls),
+            },
            domain: self.domain,
-            #[cfg(feature = "boring-tls")]
-            accept_invalid_hostnames: self.accept_invalid_hostnames,
        })
    }
 }
@@ -492,11 +577,14 @@ impl TlsParametersBuilder {
 #[allow(clippy::enum_variant_names)]
 pub(crate) enum InnerTlsParameters {
    #[cfg(feature = "native-tls")]
-    NativeTls(TlsConnector),
+    NativeTls { connector: TlsConnector },
    #[cfg(feature = "rustls")]
-    RustlsTls(Arc<ClientConfig>),
+    Rustls { config: Arc<ClientConfig> },
    #[cfg(feature = "boring-tls")]
-    BoringTls(SslConnector),
+    BoringTls {
+        connector: SslConnector,
+        accept_invalid_hostnames: bool,
+    },
 }

 impl TlsParameters {
@@ -545,6 +633,16 @@ impl TlsParameters {
 /// A certificate that can be used with [`TlsParametersBuilder::add_root_certificate`]
 #[derive(Clone)]
 #[allow(missing_copy_implementations)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `Certificate` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub struct Certificate {
    #[cfg(feature = "native-tls")]
    native_tls: native_tls::Certificate,
@@ -608,6 +706,16 @@ impl Debug for Certificate {

 /// An identity that can be used with [`TlsParametersBuilder::identify_with`]
 #[allow(missing_copy_implementations)]
+#[cfg_attr(
+    not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")),
+    deprecated(
+        note = "starting from lettre v0.12 `Identity` won't be available when none of the TLS backends are enabled"
+    )
+)]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
+)]
 pub struct Identity {
    #[cfg(feature = "native-tls")]
    native_tls: native_tls::Identity,
--- a/src/transport/smtp/connection_url.rs
+++ b/src/transport/smtp/connection_url.rs
@@ -13,6 +13,7 @@ use super::{

 pub(crate) trait TransportBuilder {
    fn new<T: Into<String>>(server: T) -> Self;
+    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
    fn tls(self, tls: super::Tls) -> Self;
    fn port(self, port: u16) -> Self;
    fn credentials(self, credentials: Credentials) -> Self;
@@ -24,6 +25,7 @@ impl TransportBuilder for SmtpTransportBuilder {
        Self::new(server)
    }

+    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
    fn tls(self, tls: super::Tls) -> Self {
        self.tls(tls)
    }
@@ -47,6 +49,7 @@ impl TransportBuilder for AsyncSmtpTransportBuilder {
        Self::new(server)
    }

+    #[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
    fn tls(self, tls: super::Tls) -> Self {
        self.tls(tls)
    }
--- a/src/transport/smtp/pool/async_impl.rs
+++ b/src/transport/smtp/pool/async_impl.rs
@@ -149,11 +149,7 @@ impl<E: Executor> Pool<E> {
    pub(crate) async fn shutdown(&self) {
        let connections = { self.connections.lock().await.take() };
        if let Some(connections) = connections {
-            stream::iter(connections)
-                .for_each_concurrent(8, |conn| async move {
-                    conn.unpark().abort().await;
-                })
-                .await;
+            abort_concurrent(connections.into_iter().map(ParkedConnection::unpark)).await;
        }

        if let Some(handle) = self.handle.get() {
--- a/src/transport/smtp/transport.rs
+++ b/src/transport/smtp/transport.rs
@@ -177,7 +177,7 @@ impl SmtpTransport {
    /// a proper URL encoder, like the following cargo script:
    ///
    /// ```rust
-    /// # let _ = r#"
+    /// # const TOML: &str = r#"
    /// #!/usr/bin/env cargo
    ///
    /// //! ```cargo
--- a/src/transport/stub/mod.rs
+++ b/src/transport/stub/mod.rs
@@ -43,13 +43,11 @@
 use std::{
    error::Error as StdError,
    fmt,
-    sync::{Arc, Mutex as StdMutex},
+    sync::{Arc, Mutex},
 };

 #[cfg(any(feature = "tokio1", feature = "async-std1"))]
 use async_trait::async_trait;
-#[cfg(any(feature = "tokio1", feature = "async-std1"))]
-use futures_util::lock::Mutex as FuturesMutex;

 #[cfg(any(feature = "tokio1", feature = "async-std1"))]
 use crate::AsyncTransport;
@@ -72,7 +70,7 @@ impl StdError for Error {}
 #[derive(Debug, Clone)]
 pub struct StubTransport {
    response: Result<(), Error>,
-    message_log: Arc<StdMutex<Vec<(Envelope, String)>>>,
+    message_log: Arc<Mutex<Vec<(Envelope, String)>>>,
 }

 /// This transport logs messages and always returns the given response
@@ -81,7 +79,7 @@ pub struct StubTransport {
 #[cfg_attr(docsrs, doc(cfg(any(feature = "tokio1", feature = "async-std1"))))]
 pub struct AsyncStubTransport {
    response: Result<(), Error>,
-    message_log: Arc<FuturesMutex<Vec<(Envelope, String)>>>,
+    message_log: Arc<Mutex<Vec<(Envelope, String)>>>,
 }

 impl StubTransport {
@@ -89,7 +87,7 @@ impl StubTransport {
    pub fn new(response: Result<(), Error>) -> Self {
        Self {
            response,
-            message_log: Arc::new(StdMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

@@ -97,7 +95,7 @@ impl StubTransport {
    pub fn new_ok() -> Self {
        Self {
            response: Ok(()),
-            message_log: Arc::new(StdMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

@@ -105,7 +103,7 @@ impl StubTransport {
    pub fn new_error() -> Self {
        Self {
            response: Err(Error),
-            message_log: Arc::new(StdMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

@@ -124,7 +122,7 @@ impl AsyncStubTransport {
    pub fn new(response: Result<(), Error>) -> Self {
        Self {
            response,
-            message_log: Arc::new(FuturesMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

@@ -132,7 +130,7 @@ impl AsyncStubTransport {
    pub fn new_ok() -> Self {
        Self {
            response: Ok(()),
-            message_log: Arc::new(FuturesMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

@@ -140,14 +138,14 @@ impl AsyncStubTransport {
    pub fn new_error() -> Self {
        Self {
            response: Err(Error),
-            message_log: Arc::new(FuturesMutex::new(vec![])),
+            message_log: Arc::new(Mutex::new(vec![])),
        }
    }

    /// Return all logged messages sent using [`AsyncTransport::send_raw`]
    #[cfg(any(feature = "tokio1", feature = "async-std1"))]
    pub async fn messages(&self) -> Vec<(Envelope, String)> {
-        self.message_log.lock().await.clone()
+        self.message_log.lock().unwrap().clone()
    }
 }

@@ -173,7 +171,7 @@ impl AsyncTransport for AsyncStubTransport {
    async fn send_raw(&self, envelope: &Envelope, email: &[u8]) -> Result<Self::Ok, Self::Error> {
        self.message_log
            .lock()
-            .await
+            .unwrap()
            .push((envelope.clone(), String::from_utf8_lossy(email).into()));
        self.response
    }
Author	SHA1	Message	Date
Paolo Barbolini	036062a084	Prepare v0.11.18	2025-07-28 09:38:52 +02:00
Francesco Luzzi	8873153178	feat: add ability to give a name to an inline attachment (#1101 )	2025-07-21 08:19:31 +02:00
Paolo Barbolini	b073df7666	build(deps): upgrade socket2 to v0.6 (#1098 )	2025-07-05 12:09:17 +02:00
Paolo Barbolini	cf6b767a9c	Prepare v0.11.17 (#1093 )	2025-06-05 21:41:17 +02:00
Paolo Barbolini	d3d8e24824	feat: add `rustls-platform-verifier` support (#1081 )	2025-06-02 10:43:17 +02:00
Paolo Barbolini	c4df9730aa	refactor(smtp/pool): remove duplicate abort_concurrent implementation (#1092 )	2025-05-24 16:37:54 +02:00
Paolo Barbolini	bfed19e6ad	refactor(stub): always use std Mutex (#1091 )	2025-05-24 14:34:09 +00:00
David Campbell	629967ac98	docs: use `Mailbox::new` rather than string parsing (#1090 )	2025-05-24 16:21:15 +02:00
Paolo Barbolini	06e381ec9c	Prepare v0.11.16 (#1089 )	2025-05-12 11:16:14 +02:00
Paolo Barbolini	d9ce9a6e47	chore: deprecate ungated TLS types _when_ no TLS backend is enabled (#1084 )	2025-05-11 09:36:47 +02:00
Paolo Barbolini	e892b55b6b	build(deps): upgrade webpki-roots to v1 (#1088 )	2025-05-06 12:37:39 +00:00
Paolo Barbolini	771d212198	build: gate `web-time` behind `cfg(target_arch = "wasm32")` (#1086 )	2025-05-01 18:32:26 +02:00
Paolo Barbolini	83ba93944d	docs: add missing `doc(cfg(...))` attributes (#1085 )	2025-05-01 18:16:40 +02:00
Paolo Barbolini	de3ab006e2	fix: feature gate internal `TransportBuilder::tls` to avoid recursive call site (#1083 )	2025-05-01 15:09:07 +02:00
Paolo Barbolini	9504b7f45c	refactor: cleanup internal `TlsParameters` and `(Async)NetworkStream` config (#1082 )	2025-05-01 14:00:56 +02:00
dependabot[bot]	c91b356a96	build(deps): bump tokio from 1.44.1 to 1.44.2 (#1080 ) Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.44.1 to 1.44.2. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.44.1...tokio-1.44.2) --- updated-dependencies: - dependency-name: tokio dependency-version: 1.44.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-08 06:57:33 +02:00
dependabot[bot]	118c1ad47f	build(deps): bump openssl from 0.10.71 to 0.10.72 (#1079 ) Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.71 to 0.10.72. - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.72 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-06 11:49:28 +02:00
Paolo Barbolini	8bf4d3a9c1	style: fix `clippy::io_other_error` (#1078 )	2025-04-03 10:28:06 +00:00
Paolo Barbolini	1fcff673ba	fix: remove `E: Clone` bound from `AsyncFileTransport` `Clone` impl (#1075 )	2025-04-03 08:05:39 +00:00
Paolo Barbolini	8c70c0cfb4	build(deps): upgrade semver compatible dependencies (#1076 )	2025-04-03 07:54:06 +00:00
Paolo Barbolini	63d8d30088	fix: let cannot be used for global variables (#1077 )	2025-04-03 09:50:06 +02:00