No Option to disable SSL_VERIFICATION for email connection #219

Closed
NanoPolymer opened this issue Aug 23, 2023 · 3 comments

@NanoPolymer

Describe the bug
When using internal connections to an email server that has no valid certificate, the mail connection fails with the following error:

"Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed"

To Reproduce
Steps to reproduce the behavior:

  1. Set up a docker-version of "2FAuth" with configured mail-access to a mail server that is using an invalid cert
  2. Click "Forgot your password? [Reset it]"
  3. Enter valid email address
  4. See error

Expected behavior
Add a docker-compose config line that disables certificate validation for email server certificates.

Desktop (please complete the following information):

  • OS: Windows 10, Linux (Manjaro)
  • Browser: Chromium, Firefox, Edge
  • Version: newest

Additional context
This is only partly a bug, but because the feature missing is a gamebreaking bug for us, I used this template. Please move if you feel this should be a FR.

Thanks,
Lukas

@Bubka
Owner

Bubka commented Aug 23, 2023

Hi.
It seems that the Laravel/Symfony Mailer can be configured not to verify peers. The line 'verify_peer' => false, must be added to the file [2fauth_install_dir]/config/mail.php like so:

    'mailers' => [
        'smtp' => [
            'transport' => 'smtp',
            'url' => env('MAIL_URL'),
            'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
            'port' => env('MAIL_PORT', 587),
            'encryption' => env('MAIL_ENCRYPTION', 'tls'),
            'username' => env('MAIL_USERNAME'),
            'password' => env('MAIL_PASSWORD'),
            'timeout' => null,
            'local_domain' => env('MAIL_EHLO_DOMAIN'),
            'verify_peer' => false,
        ],

Can you please make the change and confirm it works so I can add it with an env var to ease its customization.

@NanoPolymer
Author

Hey,

this works.

I added the line, restarted the container, then mailing works.

Much appreciated,
Lukas

@Bubka
Owner

Bubka commented Aug 24, 2023

The next container upgrade will reset your change. When this time comes, add the environment variable MAIL_VERIFY_SSL_PEER set to false to enable the setting back.

@Bubka Bubka moved this from Todo to Done in 2FAuth backlog Aug 24, 2023
@Bubka Bubka added this to the v4.2.0 milestone Aug 24, 2023
@Bubka Bubka closed this as completed in a96a1ce Aug 28, 2023
@Bubka Bubka moved this from Done to Released in 2FAuth backlog Sep 13, 2023
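
What the verify_peer setting discussed in this thread changes can be checked against the mail server at the PHP stream level. The script below is an added example, not code from 2FAuth, Laravel or Symfony Mailer: it repeats the stream_socket_enable_crypto() call named in the error with verification on, with it off, and optionally with verification on against a CA file, which lets an internal certificate be trusted rather than left unverified. The script name, the probe.invalid EHLO name and the CA-file argument are assumptions, as is the idea that the mailer's setting maps onto these PHP ssl context options.

```php
<?php
// Added example (not 2FAuth or Symfony Mailer code). Usage:
//   php smtp_tls_probe.php <host> [port] [internal-ca.pem]
function smtpRead($fp): string
{
    $reply = '';
    do {
        $line = (string) fgets($fp, 1024);
        $reply .= $line;
    } while (strlen($line) >= 4 && $line[3] === '-'); // '-' marks a continuation line
    return $reply;
}

function probeStartTls(string $host, int $port, array $ssl): string
{
    // peer_name is the name the certificate must match; the stream closes on return.
    $ctx = stream_context_create(['ssl' => $ssl + ['peer_name' => $host, 'capture_peer_cert' => true]]);
    $fp = @stream_socket_client("tcp://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        return "connect failed: $errstr";
    }
    stream_set_timeout($fp, 10);
    smtpRead($fp);                          // 220 greeting
    fwrite($fp, "EHLO probe.invalid\r\n");
    smtpRead($fp);                          // capability list
    fwrite($fp, "STARTTLS\r\n");
    if (strncmp(smtpRead($fp), '220', 3) !== 0) {
        return 'server did not accept STARTTLS';
    }
    // Same call as in the reported error; it does not return true when verification fails.
    if (@stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        return 'TLS handshake failed: ' . (error_get_last()['message'] ?? 'unknown error');
    }
    $cert = stream_context_get_params($fp)['options']['ssl']['peer_certificate'];
    $subject = openssl_x509_parse($cert)['subject']['CN'] ?? '(no CN)';
    return "TLS OK, subject CN=$subject, sha256=" . openssl_x509_fingerprint($cert, 'sha256');
}

$host = $argv[1] ?? 'localhost';
$port = (int) ($argv[2] ?? 587);
$cases = ['verification on, system CAs' => ['verify_peer' => true, 'verify_peer_name' => true],
          'verification off' => ['verify_peer' => false, 'verify_peer_name' => false]];
if (isset($argv[3])) { // assumption: PEM file with the internal CA or the server's own certificate
    $cases['verification on, internal CA'] = ['verify_peer' => true, 'verify_peer_name' => true, 'cafile' => $argv[3]];
}
foreach ($cases as $label => $ssl) {
    printf("%-30s %s\n", $label, probeStartTls($host, $port, $ssl));
}
```

If the third case reports TLS OK, the certificate chain and host name are valid against that CA file, and the printed SHA-256 fingerprint can be compared with the one taken on the mail server itself.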