Prepare v0.11.13 (#1044 )

refactor: simplify handling of WASM web-time (#1042 )
feat: add WASM support via web-time (#1037 )
2025-02-17 11:48:42 +01:00 · 2025-02-17 09:05:22 +00:00 · 2025-02-17 09:53:19 +01:00 · 2025-02-17 09:51:45 +01:00 · 2025-02-07 08:29:06 +01:00 · 2025-02-03 20:51:45 +01:00
14 changed files with 141 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+<a name="v0.11.13"></a>
+### v0.11.13 (2025-02-17)
+
+#### Features
+
+* Add WASM support ([#1037], [#1042])
+* Add method to get the TLS verify result with BoringSSL ([#1039])
+
+#### Bug fixes
+
+* Synchronous pool shutdowns being arbitrarily delayed ([#1041])
+
+[#1037]: https://github.com/lettre/lettre/pull/1037
+[#1039]: https://github.com/lettre/lettre/pull/1039
+[#1041]: https://github.com/lettre/lettre/pull/1041
+[#1042]: https://github.com/lettre/lettre/pull/1042
+
 <a name="v0.11.12"></a>
 ### v0.11.12 (2025-02-02)

--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1189,7 +1189,7 @@ dependencies = [

 [[package]]
 name = "lettre"
-version = "0.11.12"
+version = "0.11.13"
 dependencies = [
 "async-std",
 "async-trait",
@@ -1233,6 +1233,7 @@ dependencies = [
 "url",
 "uuid",
 "walkdir",
+ "web-time",
 "webpki-roots",
 ]

@@ -1447,9 +1448,9 @@ checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"

 [[package]]
 name = "openssl"
-version = "0.10.68"
+version = "0.10.70"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
+checksum = "61cfb4e166a8bb8c9b55c500bc2308550148ece889be90f609377e58140f42c6"
 dependencies = [
 "bitflags",
 "cfg-if",
@@ -1479,9 +1480,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"

 [[package]]
 name = "openssl-sys"
-version = "0.9.104"
+version = "0.9.105"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
+checksum = "8b22d5b84be05a8d6947c7cb71f7c849aa0f112acd4bf51c2a7c1c988ac0a9dc"
 dependencies = [
 "cc",
 "libc",
@@ -2442,6 +2443,16 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "webpki-roots"
 version = "0.26.7"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "lettre"
 # remember to update html_root_url and README.md (Cargo.toml example and deps.rs badge)
-version = "0.11.12"
+version = "0.11.13"
 description = "Email client"
 readme = "README.md"
 homepage = "https://lettre.rs"
@@ -75,6 +75,9 @@ ed25519-dalek = { version = "2", optional = true }
 # email formats
 email_address = { version = "0.2.1", default-features = false }

+# webtime for wasm support
+web-time = { version = "1.1.0", optional = true }
+
 [dev-dependencies]
 pretty_assertions = "1"
 criterion = "0.5"
@@ -122,6 +125,9 @@ tokio1-boring-tls = ["tokio1", "boring-tls", "dep:tokio1_boring"]

 dkim = ["dep:base64", "dep:sha2", "dep:rsa", "dep:ed25519-dalek"]

+# wasm support
+web = ["dep:web-time"]
+
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(lettre_ignore_tls_mismatch)'] }

--- a/README.md
+++ b/README.md
@@ -28,8 +28,8 @@
 </div>

 <div align="center">
-  <a href="https://deps.rs/crate/lettre/0.11.12">
-    <img src="https://deps.rs/crate/lettre/0.11.12/status.svg"
+  <a href="https://deps.rs/crate/lettre/0.11.13">
+    <img src="https://deps.rs/crate/lettre/0.11.13/status.svg"
      alt="dependency status" />
  </a>
 </div>
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -107,6 +107,7 @@
 //! * **tracing**: Logging using the `tracing` crate
 //! * **mime03**: Allow creating a [`ContentType`] from an existing [mime 0.3] `Mime` struct
 //! * **dkim**: Add support for signing email with DKIM
+//! * **web**: WebAssembly support using the `web-time` crate for time operations
 //!
 //! [`SMTP`]: crate::transport::smtp
 //! [`sendmail`]: crate::transport::sendmail
@@ -121,7 +122,7 @@
 //! [mime 0.3]: https://docs.rs/mime/0.3
 //! [DKIM]: https://datatracker.ietf.org/doc/html/rfc6376

-#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.12")]
+#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.13")]
 #![doc(html_favicon_url = "https://lettre.rs/favicon.ico")]
 #![doc(html_logo_url = "https://avatars0.githubusercontent.com/u/15113230?v=4")]
 #![forbid(unsafe_code)]
@@ -218,6 +219,7 @@ mod executor;
 #[cfg(feature = "builder")]
 #[cfg_attr(docsrs, doc(cfg(feature = "builder")))]
 pub mod message;
+mod time;
 pub mod transport;

 use std::error::Error as StdError;
--- a/src/message/dkim.rs
+++ b/src/message/dkim.rs
@@ -346,6 +346,9 @@ fn dkim_canonicalize_headers<'a>(
 /// Sign with Dkim a message by adding Dkim-Signature header created with configuration expressed by
 /// `dkim_config`
 pub fn dkim_sign(message: &mut Message, dkim_config: &DkimConfig) {
+    #[cfg(feature = "web")]
+    dkim_sign_fixed_time(message, dkim_config, crate::time::now());
+    #[cfg(not(feature = "web"))]
    dkim_sign_fixed_time(message, dkim_config, SystemTime::now());
 }

--- a/src/message/header/date.rs
+++ b/src/message/header/date.rs
@@ -21,7 +21,7 @@ impl Date {
    ///
    /// Shortcut for `Date::new(SystemTime::now())`
    pub fn now() -> Self {
-        Self::new(SystemTime::now())
+        Self::new(crate::time::now())
    }
 }

--- a/src/message/mod.rs
+++ b/src/message/mod.rs
@@ -277,7 +277,7 @@ impl MessageBuilder {
    /// Shortcut for `self.date(SystemTime::now())`, it is automatically inserted
    /// if no date has been provided.
    pub fn date_now(self) -> Self {
-        self.date(SystemTime::now())
+        self.date(crate::time::now())
    }

    /// Set or add mailbox to `ReplyTo` header
--- a/src/time.rs
+++ b/src/time.rs
@@ -0,0 +1,18 @@
+use std::time::SystemTime;
+
+#[cfg(feature = "web")]
+pub(crate) fn now() -> SystemTime {
+    fn to_std_systemtime(time: web_time::SystemTime) -> std::time::SystemTime {
+        let duration = time
+            .duration_since(web_time::SystemTime::UNIX_EPOCH)
+            .unwrap();
+        SystemTime::UNIX_EPOCH + duration
+    }
+
+    to_std_systemtime(web_time::SystemTime::now())
+}
+
+#[cfg(not(feature = "web"))]
+pub(crate) fn now() -> SystemTime {
+    SystemTime::now()
+}
--- a/src/transport/smtp/client/async_connection.rs
+++ b/src/transport/smtp/client/async_connection.rs
@@ -373,6 +373,22 @@ impl AsyncSmtpConnection {
        self.stream.get_ref().peer_certificate()
    }

+    /// Currently this is only avaialable when using Boring TLS and
+    /// returns the result of the verification of the TLS certificate
+    /// presented by the peer, if any. Only the last error encountered
+    /// during verification is presented.
+    /// It can be useful when you don't want to fail outright the TLS
+    /// negotiation, for example when a self-signed certificate is
+    /// encountered, but still want to record metrics or log the fact.
+    /// When using DANE verification, the PKI root of trust moves from
+    /// the CAs to DNS, so self-signed certificates are permitted as long
+    /// as the TLSA records match the leaf or issuer certificates.
+    /// It cannot be called on non Boring TLS streams.
+    #[cfg(feature = "boring-tls")]
+    pub fn tls_verify_result(&self) -> Result<(), Error> {
+        self.stream.get_ref().tls_verify_result()
+    }
+
    /// All the X509 certificates of the chain (DER encoded)
    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
--- a/src/transport/smtp/client/async_net.rs
+++ b/src/transport/smtp/client/async_net.rs
@@ -429,6 +429,30 @@ impl AsyncNetworkStream {
        }
    }

+    #[cfg(feature = "boring-tls")]
+    pub fn tls_verify_result(&self) -> Result<(), Error> {
+        match &self.inner {
+            #[cfg(feature = "tokio1")]
+            InnerAsyncNetworkStream::Tokio1Tcp(_) => {
+                Err(error::client("Connection is not encrypted"))
+            }
+            #[cfg(feature = "tokio1-native-tls")]
+            InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "tokio1-rustls-tls")]
+            InnerAsyncNetworkStream::Tokio1RustlsTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "tokio1-boring-tls")]
+            InnerAsyncNetworkStream::Tokio1BoringTls(stream) => {
+                stream.ssl().verify_result().map_err(error::tls)
+            }
+            #[cfg(feature = "async-std1")]
+            InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
+                Err(error::client("Connection is not encrypted"))
+            }
+            #[cfg(feature = "async-std1-rustls-tls")]
+            InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => panic!("Unsupported"),
+            InnerAsyncNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
+        }
+    }
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        match &self.inner {
            #[cfg(feature = "tokio1")]
--- a/src/transport/smtp/client/connection.rs
+++ b/src/transport/smtp/client/connection.rs
@@ -308,6 +308,22 @@ impl SmtpConnection {
        self.stream.get_ref().peer_certificate()
    }

+    /// Currently this is only avaialable when using Boring TLS and
+    /// returns the result of the verification of the TLS certificate
+    /// presented by the peer, if any. Only the last error encountered
+    /// during verification is presented.
+    /// It can be useful when you don't want to fail outright the TLS
+    /// negotiation, for example when a self-signed certificate is
+    /// encountered, but still want to record metrics or log the fact.
+    /// When using DANE verification, the PKI root of trust moves from
+    /// the CAs to DNS, so self-signed certificates are permitted as long
+    /// as the TLSA records match the leaf or issuer certificates.
+    /// It cannot be called on non Boring TLS streams.
+    #[cfg(feature = "boring-tls")]
+    pub fn tls_verify_result(&self) -> Result<(), Error> {
+        self.stream.get_ref().tls_verify_result()
+    }
+
    /// All the X509 certificates of the chain (DER encoded)
    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
--- a/src/transport/smtp/client/net.rs
+++ b/src/transport/smtp/client/net.rs
@@ -222,6 +222,22 @@ impl NetworkStream {
        }
    }

+    #[cfg(feature = "boring-tls")]
+    pub fn tls_verify_result(&self) -> Result<(), Error> {
+        match &self.inner {
+            InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
+            #[cfg(feature = "native-tls")]
+            InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "rustls-tls")]
+            InnerNetworkStream::RustlsTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "boring-tls")]
+            InnerNetworkStream::BoringTls(stream) => {
+                stream.ssl().verify_result().map_err(error::tls)
+            }
+            InnerNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
+        }
+    }
+
    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
        match &self.inner {
--- a/src/transport/smtp/pool/sync_impl.rs
+++ b/src/transport/smtp/pool/sync_impl.rs
@@ -109,6 +109,7 @@ impl Pool {
                            }
                        }

+                        drop(pool);
                        thread::sleep(idle_timeout);
                    }
                })
Author	SHA1	Message	Date
Paolo Barbolini	dabc88a053	Prepare v0.11.13 (#1044 )	2025-02-17 11:48:42 +01:00
Paolo Barbolini	9cdefcea09	refactor: simplify handling of WASM `web-time` (#1042 )	2025-02-17 09:05:22 +00:00
Abid Omar	5748af4c98	feat: add WASM support via `web-time` (#1037 ) Support WASM environments by using web-time. This was tested on a Cloudflare worker environment.	2025-02-17 09:53:19 +01:00
André Cruz	3e9b1876d9	feat: add method to obtain TLS result (#1039 ) Some TLS toolkits export a result that can be checked afterwards even if the TLS negotation returned successfully. This can be used for example if you disabled certificate checks by default, but then want to check the outcome. Currently this is only supported on boring TLS.	2025-02-17 09:51:45 +01:00
Popax21	795bedae76	fix: synchronous pool shutdowns being arbitrarily delayed (#1041 ) Previously, the connection pool thread did not drop its upgraded `Arc` pool reference while sleeping until the next idle duration check. This causes a drop of the `SmtpTransport` to not shut down any connections until said thread wakes up again (since it still holds a reference to the pool), which can take up to 60s with default settings. In practice, this means that connections will most likely not be properly closed before the program exists, (since the `SmtpTransport` is most likely dropped when the program shuts down) which violates the SMTP specification which states that: > The sender MUST NOT intentionally close the channel until it sends a QUIT command, and it SHOULD wait until it receives the reply (even if there was an error response to a command).	2025-02-07 08:29:06 +01:00
dependabot[bot]	891dd521ab	build(deps): bump openssl from 0.10.68 to 0.10.70 (#1038 ) Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.68 to 0.10.70. - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.70) --- updated-dependencies: - dependency-name: openssl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-03 20:51:45 +01:00