From 537fbeebd9cba28d8b18af89f9a2c090af03a0bc Mon Sep 17 00:00:00 2001
From: urko
Date: Mon, 20 Oct 2025 18:57:29 +0000
Subject: [PATCH] fix: customVerify cert alg + update valid CNs
---
 pkg/email/email.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkg/email/email.go b/pkg/email/email.go
index a1e4371..8aa4e80 100644
--- a/pkg/email/email.go
+++ b/pkg/email/email.go
@@ -91,8 +91,10 @@ var validCommonNames = []string{
 "ISRG Root X1",
 "R3",
 "R10",
+ "R13",
 "R11",
 "E5",
+ "E7",
 "DST Root CA X3",
 "DigiCert Global Root G2",
 "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
@@ -138,10 +140,15 @@ func customVerify(host string) func(cs tls.ConnectionState) error {
 return fmt.Errorf("untrusted certificate issuer: %s", cert.Issuer.CommonName)
 }
- // Check that the public key algorithm is RSA.
- if cert.PublicKeyAlgorithm != x509.RSA {
- return fmt.Errorf("unsupported public key algorithm: %v", cert.PublicKeyAlgorithm)
+ // Check that the public key algorithms
+ switch cert.PublicKeyAlgorithm {
+ case x509.RSA, x509.ECDSA:
+ // OK
+ default:
+ return fmt.Errorf("unsupported public key algorithm: %v",
+ cert.PublicKeyAlgorithm)
 }
+
 }
 return nil
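Review bot: The entries added to `validCommonNames` extend a trust decision that, judging by the error path in the second hunk, is made on `cert.Issuer.CommonName`, and an issuer common name is free text that is not bound to any key. Whether that matters depends on code outside both hunks: if customVerify runs with the standard chain verification disabled, the name match is the only issuer check. I would document the precondition above the list, e.g. `// Names are only consulted after cs.VerifiedChains is non-empty; a CN match alone is not proof of issuer.`, and enforce it at the top of the callback if it is not already there. Pinning the intermediates by a hash of their public key instead of by name would also remove the need for a patch like this one on every intermediate rotation.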
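Review bot: The new switch accepts any RSA or ECDSA key whatever its size, so a certificate with an undersized RSA key passes as long as `cert.PublicKeyAlgorithm` is on the list; the check should look at the key itself. The comment `// Check that the public key algorithms` is also cut off mid-sentence, and the blank line added before the closing brace is stray. The sketch below switches on `cert.PublicKey` and needs `crypto/rsa` and `crypto/ecdsa` imported in email.go; the import block and the rest of customVerify lie outside the hunk. The minimum sizes shown are my suggestion and should be set to the project's policy.

```go
		// Accept only RSA and ECDSA keys, and reject undersized ones.
		switch pub := cert.PublicKey.(type) {
		case *rsa.PublicKey:
			if pub.N.BitLen() < 2048 {
				return fmt.Errorf("RSA key too short: %d bits", pub.N.BitLen())
			}
		case *ecdsa.PublicKey:
			if pub.Curve.Params().BitSize < 256 {
				return fmt.Errorf("ECDSA curve too small: %d bits", pub.Curve.Params().BitSize)
			}
		default:
			return fmt.Errorf("unsupported public key algorithm: %v",
				cert.PublicKeyAlgorithm)
		}
```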