Fixed: Use general settings cert validation for email

pull/1461/head
Qstick 3 years ago committed by ta264
parent ae4994571a
commit 706f8310bb

@ -7,18 +7,22 @@ using MailKit.Security;
using MimeKit; using MimeKit;
using NLog; using NLog;
using NzbDrone.Common.Extensions; using NzbDrone.Common.Extensions;
using NzbDrone.Common.Http.Dispatchers;
using NzbDrone.Core.MediaFiles; using NzbDrone.Core.MediaFiles;
using NzbDrone.Core.Security;
namespace NzbDrone.Core.Notifications.Email namespace NzbDrone.Core.Notifications.Email
{ {
public class Email : NotificationBase<EmailSettings> public class Email : NotificationBase<EmailSettings>
{ {
private readonly ICertificateValidationService _certificateValidationService;
private readonly Logger _logger; private readonly Logger _logger;
public override string Name => "Email"; public override string Name => "Email";
public Email(Logger logger) public Email(ICertificateValidationService certificateValidationService, Logger logger)
{ {
_certificateValidationService = certificateValidationService;
_logger = logger; _logger = logger;
} }
@ -174,6 +178,8 @@ namespace NzbDrone.Core.Notifications.Email
} }
} }
client.ServerCertificateValidationCallback = _certificateValidationService.ShouldByPassValidationError;
_logger.Debug("Connecting to mail server"); _logger.Debug("Connecting to mail server");
client.Connect(settings.Server, settings.Port, serverOption); client.Connect(settings.Server, settings.Port, serverOption);
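Review bot: The assignment of `client.ServerCertificateValidationCallback` has no comment stating what it means for mail transport security. Judging from the validation service section on this page, a general setting of `CertificateValidationType.Disabled` appears to make the callback accept any server certificate, and that now covers the SMTP connection as well. I would add a comment above the assignment: `// TLS certificate checks follow the general certificate validation setting; if it is disabled, the mail server's identity is not verified.` The enclosing method starts and ends outside this hunk, so whether credentials are sent after `Connect` cannot be confirmed here.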

@ -22,14 +22,27 @@ namespace NzbDrone.Core.Security
public bool ShouldByPassValidationError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) public bool ShouldByPassValidationError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ {
if (sender is not SslStream request) var targetHostName = string.Empty;
if (sender is not SslStream && sender is not string)
{ {
return true; return true;
} }
if (sender is SslStream request)
{
targetHostName = request.TargetHostName;
}
// Mailkit passes host in sender as string
if (sender is string stringHost)
{
targetHostName = stringHost;
}
if (certificate is X509Certificate2 cert2 && cert2.SignatureAlgorithm.FriendlyName == "md5RSA") if (certificate is X509Certificate2 cert2 && cert2.SignatureAlgorithm.FriendlyName == "md5RSA")
{ {
_logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", request.TargetHostName); _logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", targetHostName);
} }
if (sslPolicyErrors == SslPolicyErrors.None) if (sslPolicyErrors == SslPolicyErrors.None)
@ -37,12 +50,12 @@ namespace NzbDrone.Core.Security
return true; return true;
} }
if (request.TargetHostName == "localhost" || request.TargetHostName == "127.0.0.1") if (targetHostName == "localhost" || targetHostName == "127.0.0.1")
{ {
return true; return true;
} }
var ipAddresses = GetIPAddresses(request.TargetHostName); var ipAddresses = GetIPAddresses(targetHostName);
var certificateValidation = _configService.CertificateValidation; var certificateValidation = _configService.CertificateValidation;
if (certificateValidation == CertificateValidationType.Disabled) if (certificateValidation == CertificateValidationType.Disabled)
@ -56,7 +69,7 @@ namespace NzbDrone.Core.Security
return true; return true;
} }
_logger.Error("Certificate validation for {0} failed. {1}", request.TargetHostName, sslPolicyErrors); _logger.Error("Certificate validation for {0} failed. {1}", targetHostName, sslPolicyErrors);
return false; return false;
} }
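Review bot: The guard `if (sender is not SslStream && sender is not string)` still returns true for any other sender type, so the callback accepts the certificate without looking at `sslPolicyErrors` whenever a caller passes something unexpected. Now that the method is shared with MailKit, failing closed in that branch is safer, for example `return sslPolicyErrors == SslPolicyErrors.None;`. Whether existing HTTP callers depend on the permissive branch is not visible here, so check them first. The md5 warning also still formats the host as `https://{0}` and speaks of an "https certificate", which misreads for a mail server; wording that names only the host would fit both callers. Parts of the method body between the hunks are not shown.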
