Fixed: Use general settings cert validation for email

3 years ago · 706f8310bb
parent ae4994571a
commit 706f8310bb
2 changed files with 25 additions and 6 deletions
--- a/src/NzbDrone.Core/Notifications/Email/Email.cs
+++ b/src/NzbDrone.Core/Notifications/Email/Email.cs
@ -7,18 +7,22 @@ using MailKit.Security;
 using MimeKit;
 using NLog;
 using NzbDrone.Common.Extensions;
+using NzbDrone.Common.Http.Dispatchers;
 using NzbDrone.Core.MediaFiles;
+using NzbDrone.Core.Security;

 namespace NzbDrone.Core.Notifications.Email
 {
    public class Email : NotificationBase<EmailSettings>
    {
+        private readonly ICertificateValidationService _certificateValidationService;
        private readonly Logger _logger;

        public override string Name => "Email";

-        public Email(Logger logger)
+        public Email(ICertificateValidationService certificateValidationService, Logger logger)
        {
+            _certificateValidationService = certificateValidationService;
            _logger = logger;
        }

@ -174,6 +178,8 @@ namespace NzbDrone.Core.Notifications.Email
                    }
                }

+                client.ServerCertificateValidationCallback = _certificateValidationService.ShouldByPassValidationError;
+
                _logger.Debug("Connecting to mail server");

                client.Connect(settings.Server, settings.Port, serverOption);
--- a/src/NzbDrone.Core/Security/X509CertificateValidationService.cs
+++ b/src/NzbDrone.Core/Security/X509CertificateValidationService.cs
@ -22,14 +22,27 @@ namespace NzbDrone.Core.Security

        public bool ShouldByPassValidationError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
-            if (sender is not SslStream request)
+            var targetHostName = string.Empty;
+
+            if (sender is not SslStream && sender is not string)
            {
                return true;
            }

+            if (sender is SslStream request)
+            {
+                targetHostName = request.TargetHostName;
+            }
+
+            // Mailkit passes host in sender as string
+            if (sender is string stringHost)
+            {
+                targetHostName = stringHost;
+            }
+
            if (certificate is X509Certificate2 cert2 && cert2.SignatureAlgorithm.FriendlyName == "md5RSA")
            {
-                _logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", request.TargetHostName);
+                _logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", targetHostName);
            }

            if (sslPolicyErrors == SslPolicyErrors.None)
@ -37,12 +50,12 @@ namespace NzbDrone.Core.Security
                return true;
            }

-            if (request.TargetHostName == "localhost" || request.TargetHostName == "127.0.0.1")
+            if (targetHostName == "localhost" || targetHostName == "127.0.0.1")
            {
                return true;
            }

-            var ipAddresses = GetIPAddresses(request.TargetHostName);
+            var ipAddresses = GetIPAddresses(targetHostName);
            var certificateValidation = _configService.CertificateValidation;

            if (certificateValidation == CertificateValidationType.Disabled)
@ -56,7 +69,7 @@ namespace NzbDrone.Core.Security
                return true;
            }

-            _logger.Error("Certificate validation for {0} failed. {1}", request.TargetHostName, sslPolicyErrors);
+            _logger.Error("Certificate validation for {0} failed. {1}", targetHostName, sslPolicyErrors);

            return false;
        }