Merge from SquaredPotato/smtp-certificate-validation

Adds "Verify certificate" in Settings > SMTP to disable SSL certificate validation, useful for local servers or relays.
tailwind
Harvey Tindall 3 years ago committed by GitHub
commit 2de7182c55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -72,6 +72,7 @@ func (app *appContext) loadConfig() error {
app.MustSetValue("deletion", "email_text", "jfa-go:"+"deleted.txt") app.MustSetValue("deletion", "email_text", "jfa-go:"+"deleted.txt")
app.MustSetValue("smtp", "hello_hostname", "localhost") app.MustSetValue("smtp", "hello_hostname", "localhost")
app.MustSetValue("smtp", "cert_validation", "true")
jfUrl := app.config.Section("jellyfin").Key("server").String() jfUrl := app.config.Section("jellyfin").Key("server").String()
if !(strings.HasPrefix(jfUrl, "http://") || strings.HasPrefix(jfUrl, "https://")) { if !(strings.HasPrefix(jfUrl, "http://") || strings.HasPrefix(jfUrl, "https://")) {

@ -552,6 +552,15 @@
"type": "text", "type": "text",
"value": "", "value": "",
"description": "Use if your SMTP server's SSL Certificate is not trusted by the system." "description": "Use if your SMTP server's SSL Certificate is not trusted by the system."
},
"cert_validation": {
"name": "Verify certificate",
"required": false,
"requires_restart": false,
"advanced": true,
"type": "bool",
"value": true,
"description": "Warning, disabling this makes you much more vulnerable to man-in-the-middle attacks"
} }
} }
}, },
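Review bot: The `description` of `cert_validation` names the risk but not what is exposed, and it does not mention the safer option directly above it. That option's text ("Use if your SMTP server's SSL Certificate is not trusted by the system.") suggests it (presumably `ssl_cert`) already covers self-signed or private-CA servers while keeping verification on. I would reword to something like `"Disabling this accepts any certificate, so SMTP credentials and outgoing mail can be intercepted. Prefer supplying the server's certificate in the option above."`. Also, `requires_restart` is `false`, but the only read of this key visible in the commit is where NewEmailer calls NewSMTP, so please confirm that toggling it takes effect without a restart.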

@ -84,7 +84,7 @@ func NewEmailer(app *appContext) *Emailer {
if username == "" && password != "" { if username == "" && password != "" {
username = emailer.fromAddr username = emailer.fromAddr
} }
err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String()) err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert_validation").MustBool(true))
if err != nil { if err != nil {
app.err.Printf("Error while initiating SMTP mailer: %v", err) app.err.Printf("Error while initiating SMTP mailer: %v", err)
} }
@ -110,7 +110,7 @@ type SMTP struct {
} }
// NewSMTP returns an SMTP emailClient. // NewSMTP returns an SMTP emailClient.
func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string) (err error) { func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string, validateCertificate bool) (err error) {
sender := &SMTP{} sender := &SMTP{}
sender.Client = sMail.NewSMTPClient() sender.Client = sMail.NewSMTPClient()
if sslTLS { if sslTLS {
@ -131,7 +131,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
// x509.SystemCertPool is unavailable on windows // x509.SystemCertPool is unavailable on windows
if PLATFORM == "windows" { if PLATFORM == "windows" {
sender.Client.TLSConfig = &tls.Config{ sender.Client.TLSConfig = &tls.Config{
InsecureSkipVerify: false, InsecureSkipVerify: !validateCertificate,
ServerName: server, ServerName: server,
} }
emailer.sender = sender emailer.sender = sender
@ -149,7 +149,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
} }
} }
sender.Client.TLSConfig = &tls.Config{ sender.Client.TLSConfig = &tls.Config{
InsecureSkipVerify: false, InsecureSkipVerify: !validateCertificate,
ServerName: server, ServerName: server,
RootCAs: rootCAs, RootCAs: rootCAs,
} }
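Review bot: When `cert_validation` is off, both `tls.Config` literals in NewSMTP end up with `InsecureSkipVerify: true` and nothing is logged. The username and password passed in from NewEmailer then go to a peer whose identity was never checked, and the logs give an operator no sign of it. I would log once in NewEmailer when the key reads false, before the `NewSMTP` call, for example `app.err.Printf("SMTP certificate validation is disabled; the server certificate is not verified")`. In the non-Windows branch `RootCAs: rootCAs` is still set although it is not consulted once verification is skipped, so a short comment there would save the next reader from assuming that a configured `ssl_cert` still applies. The NewSMTP doc comment should also describe `validateCertificate`; the function body continues outside these hunks.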
