Project

General

Profile

Actions

Feature #9001

closed

Add checkbox to disable SSL peer verification for SMTP notifications

Added by Jim Pingle about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Notifications
Target version:
Start date:
10/03/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Some mail servers do not use a certificate that can be validated by the current code (e.g. custom self-signed CA or cert), but they can still benefit from TLS if the user opts to not validate the cert.

The current Pear Mail and Net_SMTP code supports this now, but we need a GUI knob and some backend code to enable it.

Should be simple, one checkbox that sets the right socket option. A user has already confirmed the backend change works, but it needs to be made conditional.

See the attached patch for the part that needs added to disable TLS verification, and see https://forum.netgate.com/topic/136299/pfsense-2-4-4-smtp-question/5 for more discussion.


Files

smtp-verify.diff (529 Bytes) smtp-verify.diff Jim Pingle, 10/03/2018 10:20 AM
Actions #1

Updated by Jim Pingle about 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Luiz Souza about 3 years ago

  • Target version changed from 2.4.4-GS to 2.4.4-p1
Actions #3

Updated by Anonymous about 3 years ago

On 2.4.5.a.20181120.0754, feature is present. However, without a misconfigured email server, I can't tell if the feature works as expected.

Actions #4

Updated by Chris Linstruth about 3 years ago

Using a host override to cause a hostname mismatch on a server with a valid certificate I was able to confirm mail could be sent if the verification was disabled and failed if it was enabled. Looks good.

Actions #5

Updated by Jim Pingle about 3 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF