Prepare v0.11.8 (#985)

Add a method that, when using a TLS toolkit that supports it, returns
the entire certificate chain. This is useful, for example, when
implementing DANE support which has directives that apply to the issuer
and not just to the leaf certificate.

Not all TLS toolkits support this, so the code will panic if the method
is called when using a TLS toolkit that has no way to return these
certificates.

.github/workflows/test.yml

@@ -13,16 +13,16 @@ env:
 
 jobs:
   rustfmt:
-    name: rustfmt / nightly-2023-06-22
+    name: rustfmt / nightly-2024-09-01
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install rust
         run: |
-          rustup default nightly-2023-06-22
+          rustup default nightly-2024-09-01
           rustup component add rustfmt
 
       - name: cargo fmt
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install rust
         run: |
@@ -50,7 +50,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install rust
         run: rustup update --no-self-update stable
@@ -80,7 +80,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install rust
         run: |
@@ -134,7 +134,7 @@ jobs:
 #    name: Coverage
 #    runs-on: ubuntu-latest
 #    steps:
-#      - uses: actions/checkout@v2
+#      - uses: actions/checkout@v4
 #      - uses: actions-rs/toolchain@v1
 #        with:
 #          toolchain: nightly

CHANGELOG.md

@@ -1,3 +1,27 @@
+<a name="v0.11.8"></a>
+### v0.11.8 (2024-09-03)
+
+#### Features
+
+* Add mTLS support ([#974])
+* Implement `accept_invalid_hostnames` for rustls ([#977])
+* Provide certificate chain for peer certificates when using `rustls` or `boring-tls` ([#976])
+
+#### Changes
+
+* Make `HeaderName` comparisons via `PartialEq` case insensitive ([#980])
+
+#### Misc
+
+* Fix clippy warnings ([#979])
+* Replace manual impl of `#[non_exhaustive]` for `InvalidHeaderName` ([#981])
+
+[#974]: https://github.com/lettre/lettre/pull/974
+[#976]: https://github.com/lettre/lettre/pull/976
+[#977]: https://github.com/lettre/lettre/pull/977
+[#980]: https://github.com/lettre/lettre/pull/980
+[#981]: https://github.com/lettre/lettre/pull/981
+
 <a name="v0.11.7"></a>
 ### v0.11.7 (2024-04-23)
 

Cargo.lock

@@ -634,16 +634,15 @@ dependencies = [
 
 [[package]]
 name = "curve25519-dalek"
-version = "4.1.2"
+version = "4.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
  "cfg-if",
  "cpufeatures",
  "curve25519-dalek-derive",
  "digest",
  "fiat-crypto",
- "platforms",
  "rustc_version",
  "subtle",
  "zeroize",
@@ -688,6 +687,17 @@ dependencies = [
  "crypto-common",
 ]
 
+[[package]]
+name = "displaydoc"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "ed25519"
 version = "2.2.3"
@@ -1060,6 +1070,124 @@ version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
+[[package]]
+name = "icu_collections"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
+dependencies = [
+ "displaydoc",
+ "yoke",
+ "zerofrom",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locid"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
+dependencies = [
+ "displaydoc",
+ "litemap",
+ "tinystr",
+ "writeable",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locid_transform"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
+dependencies = [
+ "displaydoc",
+ "icu_locid",
+ "icu_locid_transform_data",
+ "icu_provider",
+ "tinystr",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locid_transform_data"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e"
+
+[[package]]
+name = "icu_normalizer"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
+dependencies = [
+ "displaydoc",
+ "icu_collections",
+ "icu_normalizer_data",
+ "icu_properties",
+ "icu_provider",
+ "smallvec",
+ "utf16_iter",
+ "utf8_iter",
+ "write16",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer_data"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516"
+
+[[package]]
+name = "icu_properties"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f8ac670d7422d7f76b32e17a5db556510825b29ec9154f235977c9caba61036"
+dependencies = [
+ "displaydoc",
+ "icu_collections",
+ "icu_locid_transform",
+ "icu_properties_data",
+ "icu_provider",
+ "tinystr",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_properties_data"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569"
+
+[[package]]
+name = "icu_provider"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
+dependencies = [
+ "displaydoc",
+ "icu_locid",
+ "icu_provider_macros",
+ "stable_deref_trait",
+ "tinystr",
+ "writeable",
+ "yoke",
+ "zerofrom",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_provider_macros"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "idna"
 version = "0.5.0"
@@ -1070,6 +1198,18 @@ dependencies = [
  "unicode-normalization",
 ]
 
+[[package]]
+name = "idna"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4716a3a0933a1d01c2f72450e89596eb51dd34ef3c211ccd875acdf1f8fe47ed"
+dependencies = [
+ "icu_normalizer",
+ "icu_properties",
+ "smallvec",
+ "utf8_iter",
+]
+
 [[package]]
 name = "instant"
 version = "0.1.12"
@@ -1151,7 +1291,7 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "lettre"
-version = "0.11.7"
+version = "0.11.8"
 dependencies = [
  "async-std",
  "async-trait",
@@ -1169,7 +1309,7 @@ dependencies = [
  "glob",
  "hostname",
  "httpdate",
- "idna",
+ "idna 1.0.0",
  "maud",
  "mime",
  "native-tls",
@@ -1181,6 +1321,7 @@ dependencies = [
  "rustls",
  "rustls-native-certs",
  "rustls-pemfile",
+ "rustls-pki-types",
  "serde",
  "serde_json",
  "sha2",
@@ -1231,6 +1372,12 @@ version = "0.4.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
 
+[[package]]
+name = "litemap"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704"
+
 [[package]]
 name = "log"
 version = "0.4.20"
@@ -1418,9 +1565,9 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
 
 [[package]]
 name = "openssl"
-version = "0.10.63"
+version = "0.10.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15c9d69dd87a29568d4d017cfe8ec518706046a05184e5aea92d0af890b803c8"
+checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"
 dependencies = [
  "bitflags 2.4.2",
  "cfg-if",
@@ -1450,9 +1597,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.99"
+version = "0.9.103"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22e1bf214306098e4832460f797824c05d25aacdf896f64a985fb0fd992454ae"
+checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
 dependencies = [
  "cc",
  "libc",
@@ -1543,12 +1690,6 @@ version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
 
-[[package]]
-name = "platforms"
-version = "3.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c"
-
 [[package]]
 name = "plotters"
 version = "0.3.5"
@@ -1879,9 +2020,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.3.0"
+version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "048a63e5b3ac996d78d402940b5fa47973d2d080c6c6fffa1d0f19c4445310b7"
+checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
 
 [[package]]
 name = "rustls-webpki"
@@ -2080,6 +2221,12 @@ dependencies = [
  "der",
 ]
 
+[[package]]
+name = "stable_deref_trait"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
+
 [[package]]
 name = "stacker"
 version = "0.1.15"
@@ -2121,6 +2268,17 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "synstructure"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.10.0"
@@ -2143,6 +2301,16 @@ dependencies = [
  "once_cell",
 ]
 
+[[package]]
+name = "tinystr"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
+dependencies = [
+ "displaydoc",
+ "zerovec",
+]
+
 [[package]]
 name = "tinytemplate"
 version = "1.2.1"
@@ -2315,10 +2483,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633"
 dependencies = [
  "form_urlencoded",
- "idna",
+ "idna 0.5.0",
  "percent-encoding",
 ]
 
+[[package]]
+name = "utf16_iter"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
+
+[[package]]
+name = "utf8_iter"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
+
 [[package]]
 name = "uuid"
 version = "1.7.0"
@@ -2641,12 +2821,48 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
 
+[[package]]
+name = "write16"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
+
+[[package]]
+name = "writeable"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
+
 [[package]]
 name = "yansi"
 version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"
 
+[[package]]
+name = "yoke"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5"
+dependencies = [
+ "serde",
+ "stable_deref_trait",
+ "yoke-derive",
+ "zerofrom",
+]
+
+[[package]]
+name = "yoke-derive"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+ "synstructure",
+]
+
 [[package]]
 name = "zerocopy"
 version = "0.7.32"
@@ -2667,8 +2883,51 @@ dependencies = [
  "syn 2.0.48",
 ]
 
+[[package]]
+name = "zerofrom"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55"
+dependencies = [
+ "zerofrom-derive",
+]
+
+[[package]]
+name = "zerofrom-derive"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+ "synstructure",
+]
+
 [[package]]
 name = "zeroize"
 version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+
+[[package]]
+name = "zerovec"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
+dependencies = [
+ "yoke",
+ "zerofrom",
+ "zerovec-derive",
+]
+
+[[package]]
+name = "zerovec-derive"
+version = "0.10.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "lettre"
 # remember to update html_root_url and README.md (Cargo.toml example and deps.rs badge)
-version = "0.11.7"
+version = "0.11.8"
 description = "Email client"
 readme = "README.md"
 homepage = "https://lettre.rs"
@@ -20,7 +20,7 @@ maintenance = { status = "actively-developed" }
 
 [dependencies]
 chumsky = "0.9"
-idna = "0.5"
+idna = "1"
 tracing = { version = "0.1.16", default-features = false, features = ["std"], optional = true } # feature
 
 # builder
@@ -48,6 +48,7 @@ native-tls = { version = "0.2.5", optional = true } # feature
 rustls = { version = "0.23.5", default-features = false, features = ["ring", "logging", "std", "tls12"], optional = true }
 rustls-pemfile = { version = "2", optional = true }
 rustls-native-certs = { version = "0.7", optional = true }
+rustls-pki-types = { version = "1.7", optional = true }
 webpki-roots = { version = "0.26", optional = true }
 boring = { version = "4", optional = true }
 
@@ -58,7 +59,6 @@ async-trait = { version = "0.1", optional = true }
 
 ## async-std
 async-std = { version = "1.8", optional = true }
-#async-native-tls = { version = "0.3.3", optional = true }
 futures-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12", "ring"], optional = true }
 
 ## tokio
@@ -108,13 +108,12 @@ smtp-transport = ["dep:base64", "dep:nom", "dep:socket2", "dep:url", "dep:percen
 
 pool = ["dep:futures-util"]
 
-rustls-tls = ["dep:webpki-roots", "dep:rustls", "dep:rustls-pemfile"]
+rustls-tls = ["dep:webpki-roots", "dep:rustls", "dep:rustls-pemfile", "dep:rustls-pki-types"]
 
 boring-tls = ["dep:boring"]
 
 # async
 async-std1 = ["dep:async-std", "dep:async-trait", "dep:futures-io", "dep:futures-util"]
-#async-std1-native-tls = ["async-std1", "native-tls", "dep:async-native-tls"]
 async-std1-rustls-tls = ["async-std1", "rustls-tls", "dep:futures-rustls"]
 tokio1 = ["dep:tokio1_crate", "dep:async-trait", "dep:futures-io", "dep:futures-util"]
 tokio1-native-tls = ["tokio1", "native-tls", "dep:tokio1_native_tls_crate"]
@@ -123,6 +122,9 @@ tokio1-boring-tls = ["tokio1", "boring-tls", "dep:tokio1_boring"]
 
 dkim = ["dep:base64", "dep:sha2", "dep:rsa", "dep:ed25519-dalek"]
 
+[lints.rust]
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(lettre_ignore_tls_mismatch)'] }
+
 [package.metadata.docs.rs]
 all-features = true
 rustdoc-args = ["--cfg", "docsrs", "--cfg", "lettre_ignore_tls_mismatch"]

README.md

@@ -28,8 +28,8 @@
 </div>
 
 <div align="center">
-  <a href="https://deps.rs/crate/lettre/0.11.7">
-    <img src="https://deps.rs/crate/lettre/0.11.7/status.svg"
+  <a href="https://deps.rs/crate/lettre/0.11.8">
+    <img src="https://deps.rs/crate/lettre/0.11.8/status.svg"
       alt="dependency status" />
   </a>
 </div>

src/address/envelope.rs

@@ -14,11 +14,71 @@ pub struct Envelope {
     /// The envelope recipient's addresses
     ///
     /// This can not be empty.
+    #[cfg_attr(
+        feature = "serde",
+        serde(deserialize_with = "serde_forward_path::deserialize")
+    )]
     forward_path: Vec<Address>,
     /// The envelope sender address
     reverse_path: Option<Address>,
 }
 
+/// just like the default implementation to deserialize `Vec<Address>` but it
+/// forbids **de**serializing empty lists
+#[cfg(feature = "serde")]
+mod serde_forward_path {
+    use super::Address;
+    /// dummy type required for serde
+    /// see example: https://serde.rs/deserialize-map.html
+    struct CustomVisitor;
+    impl<'de> serde::de::Visitor<'de> for CustomVisitor {
+        type Value = Vec<Address>;
+
+        fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+            formatter.write_str("a non-empty list of recipient addresses")
+        }
+
+        fn visit_seq<S>(self, mut access: S) -> Result<Self::Value, S::Error>
+        where
+            S: serde::de::SeqAccess<'de>,
+        {
+            let mut seq: Vec<Address> = Vec::with_capacity(access.size_hint().unwrap_or(0));
+            while let Some(key) = access.next_element()? {
+                seq.push(key);
+            }
+            if seq.is_empty() {
+                Err(serde::de::Error::invalid_length(seq.len(), &self))
+            } else {
+                Ok(seq)
+            }
+        }
+    }
+    pub fn deserialize<'de, D>(deserializer: D) -> Result<Vec<Address>, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        deserializer.deserialize_seq(CustomVisitor {})
+    }
+
+    #[cfg(test)]
+    mod tests {
+        #[test]
+        fn deserializing_empty_recipient_list_returns_error() {
+            assert!(
+                serde_json::from_str::<crate::address::Envelope>(r#"{"forward_path": []}"#)
+                    .is_err()
+            );
+        }
+        #[test]
+        fn deserializing_non_empty_recipient_list_is_ok() {
+            serde_json::from_str::<crate::address::Envelope>(
+                r#"{ "forward_path": [ {"user":"foo", "domain":"example.com"} ] }"#,
+            )
+            .unwrap();
+        }
+    }
+}
+
 impl Envelope {
     /// Creates a new envelope, which may fail if `to` is empty.
     ///

src/executor.rs

@@ -230,7 +230,7 @@ impl Executor for AsyncStd1Executor {
     ) -> Result<AsyncSmtpConnection, Error> {
         #[allow(clippy::match_single_binding)]
         let tls_parameters = match tls {
-            #[cfg(any(feature = "async-std1-native-tls", feature = "async-std1-rustls-tls"))]
+            #[cfg(feature = "async-std1-rustls-tls")]
             Tls::Wrapper(tls_parameters) => Some(tls_parameters.clone()),
             _ => None,
         };
@@ -243,7 +243,7 @@ impl Executor for AsyncStd1Executor {
         )
         .await?;
 
-        #[cfg(any(feature = "async-std1-native-tls", feature = "async-std1-rustls-tls"))]
+        #[cfg(feature = "async-std1-rustls-tls")]
         match tls {
             Tls::Opportunistic(tls_parameters) => {
                 if conn.can_starttls() {

src/lib.rs

@@ -109,7 +109,7 @@
 //! [mime 0.3]: https://docs.rs/mime/0.3
 //! [DKIM]: https://datatracker.ietf.org/doc/html/rfc6376
 
-#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.7")]
+#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.8")]
 #![doc(html_favicon_url = "https://lettre.rs/favicon.ico")]
 #![doc(html_logo_url = "https://avatars0.githubusercontent.com/u/15113230?v=4")]
 #![forbid(unsafe_code)]
@@ -174,21 +174,7 @@ mod compiletime_checks {
     If you'd like to use `boring-tls` make sure that the `rustls-tls` feature hasn't been enabled by mistake.
     Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
 
-    /*
-    #[cfg(all(
-        feature = "async-std1",
-        feature = "native-tls",
-        not(feature = "async-std1-native-tls")
-    ))]
-    compile_error!("Lettre is being built with the `async-std1` and the `native-tls` features, but the `async-std1-native-tls` feature hasn't been turned on.
-    If you'd like to use rustls make sure that the `native-tls` hasn't been enabled by mistake (you may need to import lettre without default features)
-    If you're building a library which depends on lettre import it without default features and enable just the features you need.");
-    */
-    #[cfg(all(
-        feature = "async-std1",
-        feature = "native-tls",
-        not(feature = "async-std1-native-tls")
-    ))]
+    #[cfg(all(feature = "async-std1", feature = "native-tls",))]
     compile_error!("Lettre is being built with the `async-std1` and the `native-tls` features, but the async-std integration doesn't support native-tls yet.
 If you'd like to work on the issue please take a look at https://github.com/lettre/lettre/issues/576.
 If you were trying to opt into `rustls-tls` and did not activate `native-tls`, disable the default-features of lettre in `Cargo.toml` and manually add the required features.

src/message/header/mod.rs

@@ -124,22 +124,18 @@ impl Headers {
     }
 
     pub(crate) fn find_header(&self, name: &str) -> Option<&HeaderValue> {
-        self.headers
-            .iter()
-            .find(|value| name.eq_ignore_ascii_case(&value.name))
+        self.headers.iter().find(|value| name == value.name)
     }
 
     fn find_header_mut(&mut self, name: &str) -> Option<&mut HeaderValue> {
-        self.headers
-            .iter_mut()
-            .find(|value| name.eq_ignore_ascii_case(&value.name))
+        self.headers.iter_mut().find(|value| name == value.name)
     }
 
     fn find_header_index(&self, name: &str) -> Option<usize> {
         self.headers
             .iter()
             .enumerate()
-            .find(|(_i, value)| name.eq_ignore_ascii_case(&value.name))
+            .find(|(_i, value)| name == value.name)
             .map(|(i, _)| i)
     }
 }
@@ -161,18 +157,9 @@ impl Display for Headers {
 /// A possible error when converting a `HeaderName` from another type.
 // comes from `http` crate
 #[allow(missing_copy_implementations)]
-#[derive(Clone)]
-pub struct InvalidHeaderName {
-    _priv: (),
-}
-
-impl fmt::Debug for InvalidHeaderName {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_struct("InvalidHeaderName")
-            // skip _priv noise
-            .finish()
-    }
-}
+#[derive(Debug, Clone)]
+#[non_exhaustive]
+pub struct InvalidHeaderName;
 
 impl fmt::Display for InvalidHeaderName {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
@@ -189,14 +176,11 @@ pub struct HeaderName(Cow<'static, str>);
 impl HeaderName {
     /// Creates a new header name
     pub fn new_from_ascii(ascii: String) -> Result<Self, InvalidHeaderName> {
-        if !ascii.is_empty()
-            && ascii.len() <= 76
-            && ascii.is_ascii()
-            && !ascii.contains(|c| c == ':' || c == ' ')
+        if !ascii.is_empty() && ascii.len() <= 76 && ascii.is_ascii() && !ascii.contains([':', ' '])
         {
             Ok(Self(Cow::Owned(ascii)))
         } else {
-            Err(InvalidHeaderName { _priv: () })
+            Err(InvalidHeaderName)
         }
     }
 
@@ -257,23 +241,19 @@ impl AsRef<str> for HeaderName {
 
 impl PartialEq<HeaderName> for HeaderName {
     fn eq(&self, other: &HeaderName) -> bool {
-        let s1: &str = self.as_ref();
-        let s2: &str = other.as_ref();
-        s1 == s2
+        self.eq_ignore_ascii_case(other)
     }
 }
 
 impl PartialEq<&str> for HeaderName {
     fn eq(&self, other: &&str) -> bool {
-        let s: &str = self.as_ref();
-        s == *other
+        self.eq_ignore_ascii_case(other)
     }
 }
 
 impl PartialEq<HeaderName> for &str {
     fn eq(&self, other: &HeaderName) -> bool {
-        let s: &str = other.as_ref();
-        *self == s
+        self.eq_ignore_ascii_case(other)
     }
 }
 
@@ -467,6 +447,60 @@ mod tests {
         let _ = HeaderName::new_from_ascii_str("");
     }
 
+    #[test]
+    fn headername_headername_eq() {
+        assert_eq!(
+            HeaderName::new_from_ascii_str("From"),
+            HeaderName::new_from_ascii_str("From")
+        );
+    }
+
+    #[test]
+    fn headername_str_eq() {
+        assert_eq!(HeaderName::new_from_ascii_str("From"), "From");
+    }
+
+    #[test]
+    fn str_headername_eq() {
+        assert_eq!("From", HeaderName::new_from_ascii_str("From"));
+    }
+
+    #[test]
+    fn headername_headername_eq_case_insensitive() {
+        assert_eq!(
+            HeaderName::new_from_ascii_str("From"),
+            HeaderName::new_from_ascii_str("from")
+        );
+    }
+
+    #[test]
+    fn headername_str_eq_case_insensitive() {
+        assert_eq!(HeaderName::new_from_ascii_str("From"), "from");
+    }
+
+    #[test]
+    fn str_headername_eq_case_insensitive() {
+        assert_eq!("from", HeaderName::new_from_ascii_str("From"));
+    }
+
+    #[test]
+    fn headername_headername_ne() {
+        assert_ne!(
+            HeaderName::new_from_ascii_str("From"),
+            HeaderName::new_from_ascii_str("To")
+        );
+    }
+
+    #[test]
+    fn headername_str_ne() {
+        assert_ne!(HeaderName::new_from_ascii_str("From"), "To");
+    }
+
+    #[test]
+    fn str_headername_ne() {
+        assert_ne!("From", HeaderName::new_from_ascii_str("To"));
+    }
+
     // names taken randomly from https://it.wikipedia.org/wiki/Pinco_Pallino
 
     #[test]

src/transport/mod.rs

@@ -12,7 +12,7 @@
 //!
 //! * a service from your Cloud or hosting provider
 //! * an email server ([MTA] for Mail Transfer Agent, like Postfix or Exchange), running either
-//! locally on your servers or accessible over the network
+//!   locally on your servers or accessible over the network
 //! * a dedicated external service, like Mailchimp, Mailgun, etc.
 //!
 //! In most cases, the best option is to:

src/transport/smtp/async_transport.rs

@@ -82,7 +82,6 @@ where
     #[cfg(any(
         feature = "tokio1-native-tls",
         feature = "tokio1-rustls-tls",
-        feature = "async-std1-native-tls",
         feature = "async-std1-rustls-tls"
     ))]
     #[cfg_attr(
@@ -117,7 +116,6 @@ where
     #[cfg(any(
         feature = "tokio1-native-tls",
         feature = "tokio1-rustls-tls",
-        feature = "async-std1-native-tls",
         feature = "async-std1-rustls-tls"
     ))]
     #[cfg_attr(
@@ -353,7 +351,6 @@ impl AsyncSmtpTransportBuilder {
     #[cfg(any(
         feature = "tokio1-native-tls",
         feature = "tokio1-rustls-tls",
-        feature = "async-std1-native-tls",
         feature = "async-std1-rustls-tls"
     ))]
     #[cfg_attr(

src/transport/smtp/client/async_connection.rs

@@ -373,4 +373,10 @@ impl AsyncSmtpConnection {
     pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
         self.stream.get_ref().peer_certificate()
     }
+
+    /// All the X509 certificates of the chain (DER encoded)
+    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
+    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
+        self.stream.get_ref().certificate_chain()
+    }
 }

src/transport/smtp/client/async_net.rs

@@ -6,8 +6,6 @@ use std::{
     time::Duration,
 };
 
-#[cfg(feature = "async-std1-native-tls")]
-use async_native_tls::TlsStream as AsyncStd1TlsStream;
 #[cfg(feature = "async-std1")]
 use async_std::net::{TcpStream as AsyncStd1TcpStream, ToSocketAddrs as AsyncStd1ToSocketAddrs};
 use futures_io::{
@@ -36,7 +34,6 @@ use tokio1_rustls::client::TlsStream as Tokio1RustlsTlsStream;
     feature = "tokio1-native-tls",
     feature = "tokio1-rustls-tls",
     feature = "tokio1-boring-tls",
-    feature = "async-std1-native-tls",
     feature = "async-std1-rustls-tls"
 ))]
 use super::InnerTlsParameters;
@@ -86,9 +83,6 @@ enum InnerAsyncNetworkStream {
     #[cfg(feature = "async-std1")]
     AsyncStd1Tcp(AsyncStd1TcpStream),
     /// Encrypted Tokio 1.x TCP stream
-    #[cfg(feature = "async-std1-native-tls")]
-    AsyncStd1NativeTls(AsyncStd1TlsStream<AsyncStd1TcpStream>),
-    /// Encrypted Tokio 1.x TCP stream
     #[cfg(feature = "async-std1-rustls-tls")]
     AsyncStd1RustlsTls(AsyncStd1RustlsTlsStream<AsyncStd1TcpStream>),
     /// Can't be built
@@ -119,8 +113,6 @@ impl AsyncNetworkStream {
             InnerAsyncNetworkStream::Tokio1BoringTls(s) => s.get_ref().peer_addr(),
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(s) => s.peer_addr(),
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(s) => s.get_ref().peer_addr(),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => s.get_ref().0.peer_addr(),
             InnerAsyncNetworkStream::None => {
@@ -288,16 +280,13 @@ impl AsyncNetworkStream {
                     .map_err(error::connection)?;
                 Ok(())
             }
-            #[cfg(all(
-                feature = "async-std1",
-                not(any(feature = "async-std1-native-tls", feature = "async-std1-rustls-tls"))
-            ))]
+            #[cfg(all(feature = "async-std1", not(feature = "async-std1-rustls-tls")))]
             InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
                 let _ = tls_parameters;
-                panic!("Trying to upgrade an AsyncNetworkStream without having enabled either the async-std1-native-tls or the async-std1-rustls-tls feature");
+                panic!("Trying to upgrade an AsyncNetworkStream without having enabled the async-std1-rustls-tls feature");
             }
 
-            #[cfg(any(feature = "async-std1-native-tls", feature = "async-std1-rustls-tls"))]
+            #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
                 // get owned TcpStream
                 let tcp_stream = mem::replace(&mut self.inner, InnerAsyncNetworkStream::None);
@@ -385,11 +374,7 @@ impl AsyncNetworkStream {
     }
 
     #[allow(unused_variables)]
-    #[cfg(any(
-        feature = "async-std1-native-tls",
-        feature = "async-std1-rustls-tls",
-        feature = "async-std1-boring-tls"
-    ))]
+    #[cfg(feature = "async-std1-rustls-tls")]
     async fn upgrade_asyncstd1_tls(
         tcp_stream: AsyncStd1TcpStream,
         mut tls_parameters: TlsParameters,
@@ -400,22 +385,6 @@ impl AsyncNetworkStream {
             #[cfg(feature = "native-tls")]
             InnerTlsParameters::NativeTls(connector) => {
                 panic!("native-tls isn't supported with async-std yet. See https://github.com/lettre/lettre/pull/531#issuecomment-757893531");
-
-                /*
-                #[cfg(not(feature = "async-std1-native-tls"))]
-                panic!("built without the async-std1-native-tls feature");
-
-                #[cfg(feature = "async-std1-native-tls")]
-                return {
-                    use async_native_tls::TlsConnector;
-
-                    // TODO: fix
-                    let connector: TlsConnector = todo!();
-                    // let connector = TlsConnector::from(connector);
-                    let stream = connector.connect(&domain, tcp_stream).await?;
-                    Ok(InnerAsyncNetworkStream::AsyncStd1NativeTls(stream))
-                };
-                */
             }
             #[cfg(feature = "rustls-tls")]
             InnerTlsParameters::RustlsTls(config) => {
@@ -456,14 +425,54 @@ impl AsyncNetworkStream {
             InnerAsyncNetworkStream::Tokio1BoringTls(_) => true,
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(_) => false,
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(_) => true,
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => true,
             InnerAsyncNetworkStream::None => false,
         }
     }
 
+    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
+        match &self.inner {
+            #[cfg(feature = "tokio1")]
+            InnerAsyncNetworkStream::Tokio1Tcp(_) => {
+                Err(error::client("Connection is not encrypted"))
+            }
+            #[cfg(feature = "tokio1-native-tls")]
+            InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "tokio1-rustls-tls")]
+            InnerAsyncNetworkStream::Tokio1RustlsTls(stream) => Ok(stream
+                .get_ref()
+                .1
+                .peer_certificates()
+                .unwrap()
+                .iter()
+                .map(|c| c.to_vec())
+                .collect()),
+            #[cfg(feature = "tokio1-boring-tls")]
+            InnerAsyncNetworkStream::Tokio1BoringTls(stream) => Ok(stream
+                .ssl()
+                .peer_cert_chain()
+                .unwrap()
+                .iter()
+                .map(|c| c.to_der().map_err(error::tls))
+                .collect::<Result<Vec<_>, _>>()?),
+            #[cfg(feature = "async-std1")]
+            InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
+                Err(error::client("Connection is not encrypted"))
+            }
+            #[cfg(feature = "async-std1-rustls-tls")]
+            InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
+                .get_ref()
+                .1
+                .peer_certificates()
+                .unwrap()
+                .iter()
+                .map(|c| c.to_vec())
+                .collect()),
+            InnerAsyncNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
+        }
+    }
+
     pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
         match &self.inner {
             #[cfg(feature = "tokio1")]
@@ -498,8 +507,6 @@ impl AsyncNetworkStream {
             InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
                 Err(error::client("Connection is not encrypted"))
             }
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(t) => panic!("Unsupported"),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
                 .get_ref()
@@ -559,8 +566,6 @@ impl FuturesAsyncRead for AsyncNetworkStream {
             }
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_read(cx, buf),
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(s) => Pin::new(s).poll_read(cx, buf),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_read(cx, buf),
             InnerAsyncNetworkStream::None => {
@@ -588,8 +593,6 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
             InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_write(cx, buf),
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_write(cx, buf),
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(s) => Pin::new(s).poll_write(cx, buf),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_write(cx, buf),
             InnerAsyncNetworkStream::None => {
@@ -611,8 +614,6 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
             InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_flush(cx),
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_flush(cx),
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(s) => Pin::new(s).poll_flush(cx),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_flush(cx),
             InnerAsyncNetworkStream::None => {
@@ -634,8 +635,6 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
             InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_shutdown(cx),
             #[cfg(feature = "async-std1")]
             InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_close(cx),
-            #[cfg(feature = "async-std1-native-tls")]
-            InnerAsyncNetworkStream::AsyncStd1NativeTls(s) => Pin::new(s).poll_close(cx),
             #[cfg(feature = "async-std1-rustls-tls")]
             InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_close(cx),
             InnerAsyncNetworkStream::None => {

src/transport/smtp/client/connection.rs

@@ -307,4 +307,10 @@ impl SmtpConnection {
     pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
         self.stream.get_ref().peer_certificate()
     }
+
+    /// All the X509 certificates of the chain (DER encoded)
+    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
+    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
+        self.stream.get_ref().certificate_chain()
+    }
 }

src/transport/smtp/client/mod.rs

@@ -38,7 +38,7 @@ pub(super) use self::tls::InnerTlsParameters;
 pub use self::tls::TlsVersion;
 pub use self::{
     connection::SmtpConnection,
-    tls::{Certificate, CertificateStore, Tls, TlsParameters, TlsParametersBuilder},
+    tls::{Certificate, CertificateStore, Identity, Tls, TlsParameters, TlsParametersBuilder},
 };
 
 #[cfg(any(feature = "tokio1", feature = "async-std1"))]
@@ -139,7 +139,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "log")]
+    #[cfg(feature = "tracing")]
     fn test_escape_crlf() {
         assert_eq!(escape_crlf("\r\n"), "<CRLF>");
         assert_eq!(escape_crlf("EHLO my_name\r\n"), "EHLO my_name<CRLF>");

src/transport/smtp/client/net.rs

@@ -223,6 +223,32 @@ impl NetworkStream {
         }
     }
 
+    #[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
+    pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
+        match &self.inner {
+            InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
+            #[cfg(feature = "native-tls")]
+            InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
+            #[cfg(feature = "rustls-tls")]
+            InnerNetworkStream::RustlsTls(stream) => Ok(stream
+                .conn
+                .peer_certificates()
+                .unwrap()
+                .iter()
+                .map(|c| c.to_vec())
+                .collect()),
+            #[cfg(feature = "boring-tls")]
+            InnerNetworkStream::BoringTls(stream) => Ok(stream
+                .ssl()
+                .peer_cert_chain()
+                .unwrap()
+                .iter()
+                .map(|c| c.to_der().map_err(error::tls))
+                .collect::<Result<Vec<_>, _>>()?),
+            InnerNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
+        }
+    }
+
     #[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
     pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
         match &self.inner {

src/transport/smtp/client/tls.rs

@@ -4,6 +4,7 @@ use std::{io, sync::Arc};
 
 #[cfg(feature = "boring-tls")]
 use boring::{
+    pkey::PKey,
     ssl::{SslConnector, SslVersion},
     x509::store::X509StoreBuilder,
 };
@@ -12,8 +13,10 @@ use native_tls::{Protocol, TlsConnector};
 #[cfg(feature = "rustls-tls")]
 use rustls::{
     client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
+    crypto::WebPkiSupportedAlgorithms,
     crypto::{verify_tls12_signature, verify_tls13_signature},
-    pki_types::{CertificateDer, ServerName, UnixTime},
+    pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime},
+    server::ParsedCertificate,
     ClientConfig, DigitallySignedStruct, Error as TlsError, RootCertStore, SignatureScheme,
 };
 
@@ -108,7 +111,7 @@ pub enum CertificateStore {
     /// For native-tls, this will use the system certificate store on Windows, the keychain on
     /// macOS, and OpenSSL directories on Linux (usually `/etc/ssl`).
     ///
-    /// For rustls, this will also use the the system store if the `rustls-native-certs` feature is
+    /// For rustls, this will also use the system store if the `rustls-native-certs` feature is
     /// enabled, or will fall back to `webpki-roots`.
     ///
     /// The boring-tls backend uses the same logic as OpenSSL on all platforms.
@@ -139,6 +142,7 @@ pub struct TlsParametersBuilder {
     domain: String,
     cert_store: CertificateStore,
     root_certs: Vec<Certificate>,
+    identity: Option<Identity>,
     accept_invalid_hostnames: bool,
     accept_invalid_certs: bool,
     #[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
@@ -152,6 +156,7 @@ impl TlsParametersBuilder {
             domain,
             cert_store: CertificateStore::Default,
             root_certs: Vec::new(),
+            identity: None,
             accept_invalid_hostnames: false,
             accept_invalid_certs: false,
             #[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
@@ -167,12 +172,20 @@ impl TlsParametersBuilder {
 
     /// Add a custom root certificate
     ///
-    /// Can be used to safely connect to a server using a self signed certificate, for example.
+    /// Can be used to safely connect to a server using a self-signed certificate, for example.
     pub fn add_root_certificate(mut self, cert: Certificate) -> Self {
         self.root_certs.push(cert);
         self
     }
 
+    /// Add a client certificate
+    ///
+    /// Can be used to configure a client certificate to present to the server.
+    pub fn identify_with(mut self, identity: Identity) -> Self {
+        self.identity = Some(identity);
+        self
+    }
+
     /// Controls whether certificates with an invalid hostname are accepted
     ///
     /// Defaults to `false`.
@@ -184,10 +197,11 @@ impl TlsParametersBuilder {
     /// including those from other sites, are trusted.
     ///
     /// This method introduces significant vulnerabilities to man-in-the-middle attacks.
-    ///
-    /// Hostname verification can only be disabled with the `native-tls` TLS backend.
     #[cfg(any(feature = "native-tls", feature = "boring-tls"))]
-    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "boring-tls"))))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
+    )]
     pub fn dangerous_accept_invalid_hostnames(mut self, accept_invalid_hostnames: bool) -> Self {
         self.accept_invalid_hostnames = accept_invalid_hostnames;
         self
@@ -275,6 +289,10 @@ impl TlsParametersBuilder {
         };
 
         tls_builder.min_protocol_version(Some(min_tls_version));
+        if let Some(identity) = self.identity {
+            tls_builder.identity(identity.native_tls);
+        }
+
         let connector = tls_builder.build().map_err(error::tls)?;
         Ok(TlsParameters {
             connector: InnerTlsParameters::NativeTls(connector),
@@ -317,6 +335,15 @@ impl TlsParametersBuilder {
             }
         }
 
+        if let Some(identity) = self.identity {
+            tls_builder
+                .set_certificate(identity.boring_tls.0.as_ref())
+                .map_err(error::tls)?;
+            tls_builder
+                .set_private_key(identity.boring_tls.1.as_ref())
+                .map_err(error::tls)?;
+        }
+
         let min_tls_version = match self.min_tls_version {
             TlsVersion::Tlsv10 => SslVersion::TLS1,
             TlsVersion::Tlsv11 => SslVersion::TLS1_1,
@@ -352,51 +379,70 @@ impl TlsParametersBuilder {
         };
 
         let tls = ClientConfig::builder_with_protocol_versions(supported_versions);
+        let provider = rustls::crypto::CryptoProvider::get_default()
+            .cloned()
+            .unwrap_or_else(|| Arc::new(rustls::crypto::ring::default_provider()));
 
-        let tls = if self.accept_invalid_certs {
-            tls.dangerous()
-                .with_custom_certificate_verifier(Arc::new(InvalidCertsVerifier {}))
-        } else {
-            let mut root_cert_store = RootCertStore::empty();
+        // Build TLS config
+        let signature_algorithms = provider.signature_verification_algorithms;
 
-            #[cfg(feature = "rustls-native-certs")]
-            fn load_native_roots(store: &mut RootCertStore) -> Result<(), Error> {
-                let native_certs = rustls_native_certs::load_native_certs().map_err(error::tls)?;
-                let (added, ignored) = store.add_parsable_certificates(native_certs);
-                #[cfg(feature = "tracing")]
-                tracing::debug!(
-                    "loaded platform certs with {added} valid and {ignored} ignored (invalid) certs"
-                );
-                Ok(())
+        let mut root_cert_store = RootCertStore::empty();
+
+        #[cfg(feature = "rustls-native-certs")]
+        fn load_native_roots(store: &mut RootCertStore) -> Result<(), Error> {
+            let native_certs = rustls_native_certs::load_native_certs().map_err(error::tls)?;
+            let (added, ignored) = store.add_parsable_certificates(native_certs);
+            #[cfg(feature = "tracing")]
+            tracing::debug!(
+                "loaded platform certs with {added} valid and {ignored} ignored (invalid) certs"
+            );
+            Ok(())
+        }
+
+        #[cfg(feature = "rustls-tls")]
+        fn load_webpki_roots(store: &mut RootCertStore) {
+            store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+        }
+
+        match self.cert_store {
+            CertificateStore::Default => {
+                #[cfg(feature = "rustls-native-certs")]
+                load_native_roots(&mut root_cert_store)?;
+                #[cfg(not(feature = "rustls-native-certs"))]
+                load_webpki_roots(&mut root_cert_store);
             }
-
             #[cfg(feature = "rustls-tls")]
-            fn load_webpki_roots(store: &mut RootCertStore) {
-                store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
-            }
-
-            match self.cert_store {
-                CertificateStore::Default => {
-                    #[cfg(feature = "rustls-native-certs")]
-                    load_native_roots(&mut root_cert_store)?;
-                    #[cfg(not(feature = "rustls-native-certs"))]
-                    load_webpki_roots(&mut root_cert_store);
-                }
-                #[cfg(feature = "rustls-tls")]
-                CertificateStore::WebpkiRoots => {
-                    load_webpki_roots(&mut root_cert_store);
-                }
-                CertificateStore::None => {}
-            }
-            for cert in self.root_certs {
-                for rustls_cert in cert.rustls {
-                    root_cert_store.add(rustls_cert).map_err(error::tls)?;
-                }
+            CertificateStore::WebpkiRoots => {
+                load_webpki_roots(&mut root_cert_store);
             }
+            CertificateStore::None => {}
+        }
+        for cert in self.root_certs {
+            for rustls_cert in cert.rustls {
+                root_cert_store.add(rustls_cert).map_err(error::tls)?;
+            }
+        }
 
+        let tls = if self.accept_invalid_certs || self.accept_invalid_hostnames {
+            let verifier = InvalidCertsVerifier {
+                ignore_invalid_hostnames: self.accept_invalid_hostnames,
+                ignore_invalid_certs: self.accept_invalid_certs,
+                roots: root_cert_store,
+                signature_algorithms,
+            };
+            tls.dangerous()
+                .with_custom_certificate_verifier(Arc::new(verifier))
+        } else {
             tls.with_root_certificates(root_cert_store)
         };
-        let tls = tls.with_no_client_auth();
+
+        let tls = if let Some(identity) = self.identity {
+            let (client_certificates, private_key) = identity.rustls_tls;
+            tls.with_client_auth_cert(client_certificates, private_key)
+                .map_err(error::tls)?
+        } else {
+            tls.with_no_client_auth()
+        };
 
         Ok(TlsParameters {
             connector: InnerTlsParameters::RustlsTls(Arc::new(tls)),
@@ -461,7 +507,7 @@ impl TlsParameters {
     }
 }
 
-/// A client certificate that can be used with [`TlsParametersBuilder::add_root_certificate`]
+/// A certificate that can be used with [`TlsParametersBuilder::add_root_certificate`]
 #[derive(Clone)]
 #[allow(missing_copy_implementations)]
 pub struct Certificate {
@@ -528,20 +574,109 @@ impl Debug for Certificate {
     }
 }
 
+/// An identity that can be used with [`TlsParametersBuilder::identify_with`]
+#[allow(missing_copy_implementations)]
+pub struct Identity {
+    #[cfg(feature = "native-tls")]
+    native_tls: native_tls::Identity,
+    #[cfg(feature = "rustls-tls")]
+    rustls_tls: (Vec<CertificateDer<'static>>, PrivateKeyDer<'static>),
+    #[cfg(feature = "boring-tls")]
+    boring_tls: (boring::x509::X509, PKey<boring::pkey::Private>),
+}
+
+impl Debug for Identity {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("Identity").finish()
+    }
+}
+
+impl Clone for Identity {
+    fn clone(&self) -> Self {
+        Identity {
+            #[cfg(feature = "native-tls")]
+            native_tls: self.native_tls.clone(),
+            #[cfg(feature = "rustls-tls")]
+            rustls_tls: (self.rustls_tls.0.clone(), self.rustls_tls.1.clone_key()),
+            #[cfg(feature = "boring-tls")]
+            boring_tls: (self.boring_tls.0.clone(), self.boring_tls.1.clone()),
+        }
+    }
+}
+
+#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
+impl Identity {
+    pub fn from_pem(pem: &[u8], key: &[u8]) -> Result<Self, Error> {
+        Ok(Self {
+            #[cfg(feature = "native-tls")]
+            native_tls: Identity::from_pem_native_tls(pem, key)?,
+            #[cfg(feature = "rustls-tls")]
+            rustls_tls: Identity::from_pem_rustls_tls(pem, key)?,
+            #[cfg(feature = "boring-tls")]
+            boring_tls: Identity::from_pem_boring_tls(pem, key)?,
+        })
+    }
+
+    #[cfg(feature = "native-tls")]
+    fn from_pem_native_tls(pem: &[u8], key: &[u8]) -> Result<native_tls::Identity, Error> {
+        native_tls::Identity::from_pkcs8(pem, key).map_err(error::tls)
+    }
+
+    #[cfg(feature = "rustls-tls")]
+    fn from_pem_rustls_tls(
+        pem: &[u8],
+        key: &[u8],
+    ) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), Error> {
+        let mut key = key;
+        let key = rustls_pemfile::private_key(&mut key).unwrap().unwrap();
+        Ok((vec![pem.to_owned().into()], key))
+    }
+
+    #[cfg(feature = "boring-tls")]
+    fn from_pem_boring_tls(
+        pem: &[u8],
+        key: &[u8],
+    ) -> Result<(boring::x509::X509, PKey<boring::pkey::Private>), Error> {
+        let cert = boring::x509::X509::from_pem(pem).map_err(error::tls)?;
+        let key = boring::pkey::PKey::private_key_from_pem(key).map_err(error::tls)?;
+        Ok((cert, key))
+    }
+}
+
 #[cfg(feature = "rustls-tls")]
 #[derive(Debug)]
-struct InvalidCertsVerifier;
+struct InvalidCertsVerifier {
+    ignore_invalid_hostnames: bool,
+    ignore_invalid_certs: bool,
+    roots: RootCertStore,
+    signature_algorithms: WebPkiSupportedAlgorithms,
+}
 
 #[cfg(feature = "rustls-tls")]
 impl ServerCertVerifier for InvalidCertsVerifier {
     fn verify_server_cert(
         &self,
-        _end_entity: &CertificateDer<'_>,
-        _intermediates: &[CertificateDer<'_>],
-        _server_name: &ServerName<'_>,
+        end_entity: &CertificateDer<'_>,
+        intermediates: &[CertificateDer<'_>],
+        server_name: &ServerName<'_>,
         _ocsp_response: &[u8],
-        _now: UnixTime,
+        now: UnixTime,
     ) -> Result<ServerCertVerified, TlsError> {
+        let cert = ParsedCertificate::try_from(end_entity)?;
+
+        if !self.ignore_invalid_certs {
+            rustls::client::verify_server_cert_signed_by_trust_anchor(
+                &cert,
+                &self.roots,
+                intermediates,
+                now,
+                self.signature_algorithms.all,
+            )?;
+        }
+
+        if !self.ignore_invalid_hostnames {
+            rustls::client::verify_server_name(&cert, server_name)?;
+        }
         Ok(ServerCertVerified::assertion())
     }