Feature #9001
closed
Add checkbox to disable SSL peer verification for SMTP notifications
100%
Description
Some mail servers do not use a certificate that can be validated by the current code (e.g. custom self-signed CA or cert), but they can still benefit from TLS if the user opts to not validate the cert.
The current Pear Mail and Net_SMTP code supports this now, but we need a GUI knob and some backend code to enable it.
Should be simple, one checkbox that sets the right socket option. A user has already confirmed the backend change works, but it needs to be made conditional.
See the attached patch for the part that needs added to disable TLS verification, and see https://forum.netgate.com/topic/136299/pfsense-2-4-4-smtp-question/5 for more discussion.
Files
Updated by Jim Pingle over 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 7da466e1c4b6873b9fb80e862faf8f799a6d4531.
Updated by Luiz Souza over 5 years ago
- Target version changed from 2.4.4-GS to 2.4.4-p1
Updated by Anonymous over 5 years ago
On 2.4.5.a.20181120.0754, feature is present. However, without a misconfigured email server, I can't tell if the feature works as expected.
Updated by Chris Linstruth over 5 years ago
Using a host override to cause a hostname mismatch on a server with a valid certificate I was able to confirm mail could be sent if the verification was disabled and failed if it was enabled. Looks good.