Fixed: Use general settings cert validation for email

src/NzbDrone.Core/Notifications/Email/Email.cs

@@ -7,18 +7,22 @@ using MailKit.Security;
 using MimeKit;
 using NLog;
 using NzbDrone.Common.Extensions;
+using NzbDrone.Common.Http.Dispatchers;
 using NzbDrone.Core.MediaFiles;
+using NzbDrone.Core.Security;
 
 namespace NzbDrone.Core.Notifications.Email
 {
     public class Email : NotificationBase<EmailSettings>
     {
+        private readonly ICertificateValidationService _certificateValidationService;
         private readonly Logger _logger;
 
         public override string Name => "Email";
 
-        public Email(Logger logger)
+        public Email(ICertificateValidationService certificateValidationService, Logger logger)
         {
+            _certificateValidationService = certificateValidationService;
             _logger = logger;
         }
 
@@ -174,6 +178,8 @@ namespace NzbDrone.Core.Notifications.Email
                     }
                 }
 
+                client.ServerCertificateValidationCallback = _certificateValidationService.ShouldByPassValidationError;
+
                 _logger.Debug("Connecting to mail server");
 
                 client.Connect(settings.Server, settings.Port, serverOption);

src/NzbDrone.Core/Security/X509CertificateValidationService.cs

@@ -22,14 +22,27 @@ namespace NzbDrone.Core.Security
 
         public bool ShouldByPassValidationError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
-            if (sender is not SslStream request)
+            var targetHostName = string.Empty;
+
+            if (sender is not SslStream && sender is not string)
             {
                 return true;
             }
 
+            if (sender is SslStream request)
+            {
+                targetHostName = request.TargetHostName;
+            }
+
+            // Mailkit passes host in sender as string
+            if (sender is string stringHost)
+            {
+                targetHostName = stringHost;
+            }
+
             if (certificate is X509Certificate2 cert2 && cert2.SignatureAlgorithm.FriendlyName == "md5RSA")
             {
-                _logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", request.TargetHostName);
+                _logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", targetHostName);
             }
 
             if (sslPolicyErrors == SslPolicyErrors.None)
@@ -37,12 +50,12 @@ namespace NzbDrone.Core.Security
                 return true;
             }
 
-            if (request.TargetHostName == "localhost" || request.TargetHostName == "127.0.0.1")
+            if (targetHostName == "localhost" || targetHostName == "127.0.0.1")
             {
                 return true;
             }
 
-            var ipAddresses = GetIPAddresses(request.TargetHostName);
+            var ipAddresses = GetIPAddresses(targetHostName);
             var certificateValidation = _configService.CertificateValidation;
 
             if (certificateValidation == CertificateValidationType.Disabled)
@@ -56,7 +69,7 @@ namespace NzbDrone.Core.Security
                 return true;
             }
 
-            _logger.Error("Certificate validation for {0} failed. {1}", request.TargetHostName, sslPolicyErrors);
+            _logger.Error("Certificate validation for {0} failed. {1}", targetHostName, sslPolicyErrors);
 
             return false;
         }