From 556c31d4ea9bd519f5110bed94a9cc1c1e4a8692 Mon Sep 17 00:00:00 2001
From: Stefan Schokker
Date: Mon, 8 Nov 2021 20:48:55 +0100
Subject: [PATCH 1/2] Add checkbox that allows invalid SMTP certificates to be used.
---
 config/config-base.json | 9 +++++++++
 email.go | 8 ++++----
 ts/setup.ts | 3 ++-
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/config/config-base.json b/config/config-base.json
index 9378c3f..764d97c 100644
--- a/config/config-base.json
+++ b/config/config-base.json
@@ -552,6 +552,15 @@
 "type": "text",
 "value": "",
 "description": "Use if your SMTP server's SSL Certificate is not trusted by the system."
+ },
+ "cert_validation": {
+ "name": "Verify certificate",
+ "required": false,
+ "requires_restart": false,
+ "advanced": true,
+ "type": "bool",
+ "value": true,
+ "description": "Warning, disabling this makes you much more vulnerable to man-in-the-middle attacks"
 }
 }
 },
diff --git a/email.go b/email.go
index 3f880df..7bb949f 100644
--- a/email.go
+++ b/email.go
@@ -84,7 +84,7 @@ func NewEmailer(app *appContext) *Emailer {
 if username == "" && password != "" {
 username = emailer.fromAddr
 }
- err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String())
+ err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert-validation").MustBool(true))
 if err != nil {
 app.err.Printf("Error while initiating SMTP mailer: %v", err)
 }
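Review bot: The `cert_validation` description states the risk but does not point to the safer choice that sits directly above it, the existing setting described as "Use if your SMTP server's SSL Certificate is not trusted by the system" (presumably the `ssl_cert` key read in email.go). Pointing operators there first keeps verification on for the common self-signed case, e.g. `"description": "Leave enabled unless nothing else works. If the server's certificate is not trusted by the system, set the certificate option above instead; with verification off, the SMTP login and mail contents can be intercepted by a man-in-the-middle."`. Separately, `"requires_restart": false` is worth confirming: the value is consumed when `NewEmailer` builds the TLS config, and whether the emailer is rebuilt on a settings save is not visible on this page.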
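Review bot: The key read in the added `NewSMTP` call, `cert-validation`, does not match the `cert_validation` entry this patch adds to config-base.json, so `MustBool(true)` always returns its default and the checkbox has no effect at this commit. The @@ -131 and @@ -149 hunks of the same patch then assign `validateCertificate` to `InsecureSkipVerify` without negation, so that default of true switches verification off on both the Windows and the non-Windows path. PATCH 2/2 corrects both; squashing the two commits would keep a bisect or cherry-pick from landing on a tree where SMTP credentials are sent with no certificate check. NewEmailer's body continues outside the hunk.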
@@ -110,7 +110,7 @@ type SMTP struct {
 }
 // NewSMTP returns an SMTP emailClient.
-func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string) (err error) {
+func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string, validateCertificate bool) (err error) {
 sender := &SMTP{}
 sender.Client = sMail.NewSMTPClient()
 if sslTLS {
@@ -131,7 +131,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 // x509.SystemCertPool is unavailable on windows
 if PLATFORM == "windows" {
 sender.Client.TLSConfig = &tls.Config{
- InsecureSkipVerify: false,
+ InsecureSkipVerify: validateCertificate,
 ServerName: server,
 }
 emailer.sender = sender
@@ -149,7 +149,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 }
 }
 sender.Client.TLSConfig = &tls.Config{
- InsecureSkipVerify: false,
+ InsecureSkipVerify: validateCertificate,
 ServerName: server,
 RootCAs: rootCAs,
 }
diff --git a/ts/setup.ts b/ts/setup.ts
index 02fb37d..2b241c7 100644
--- a/ts/setup.ts
+++ b/ts/setup.ts
@@ -296,7 +296,8 @@ const settings = {
 "encryption": new Select(get("smtp-encryption")),
 "server": new Input(get("smtp-server")),
 "port": new Input(get("smtp-port")),
- "password": new Input(get("smtp-password"))
+ "password": new Input(get("smtp-password")),
+ "cert-validation": new Input(get("smtp-cert-validation"))
 },
 "ombi": {
 "enabled": new Checkbox(get("ombi-enabled"), "", false, "ombi", "enabled"),
From b7236319ec01f52d660f8216b9637a35a6082016 Mon Sep 17 00:00:00 2001
From: Stefan Schokker
Date: Tue, 9 Nov 2021 21:18:54 +0100
Subject: [PATCH 2/2] Actually use correct variable, actually use variable correctly and added a loadConfig entry
---
 config.go | 1 +
 email.go | 6 +++---
 ts/setup.ts | 3 +--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/config.go b/config.go
index 3df5a0e..69cc30c 100644
--- a/config.go
+++ b/config.go
@@ -72,6 +72,7 @@ func (app *appContext) loadConfig() error {
 app.MustSetValue("deletion", "email_text", "jfa-go:"+"deleted.txt")
 app.MustSetValue("smtp", "hello_hostname", "localhost")
+ app.MustSetValue("smtp", "cert_validation", "true")
 jfUrl := app.config.Section("jellyfin").Key("server").String()
 if !(strings.HasPrefix(jfUrl, "http://") || strings.HasPrefix(jfUrl, "https://")) {
diff --git a/email.go b/email.go
index 7bb949f..b5c5563 100644
--- a/email.go
+++ b/email.go
@@ -84,7 +84,7 @@ func NewEmailer(app *appContext) *Emailer {
 if username == "" && password != "" {
 username = emailer.fromAddr
 }
- err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert-validation").MustBool(true))
+ err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert_validation").MustBool(true))
 if err != nil {
 app.err.Printf("Error while initiating SMTP mailer: %v", err)
 }
@@ -131,7 +131,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 // x509.SystemCertPool is unavailable on windows
 if PLATFORM == "windows" {
 sender.Client.TLSConfig = &tls.Config{
- InsecureSkipVerify: validateCertificate,
+ InsecureSkipVerify: !validateCertificate,
 ServerName: server,
 }
 emailer.sender = sender
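Review bot: Nothing records that verification was switched off: `cert_validation` is read inline as the last argument of the `NewSMTP` call in the @@ -84 hunk, and when it is false the mailer starts with `InsecureSkipVerify` set and leaves no trace in the log. Reading the value into a local first and logging once, e.g. `if !validateCert { app.err.Printf("SMTP certificate verification is disabled; the mail server's identity is not checked") }`, would let an operator spot an instance running in this mode. The call now passes eight positional arguments built from `app.config` lookups, so named locals would also make the trailing bool harder to misplace. NewEmailer's body continues outside the hunk.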
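Review bot: On the Windows branch in the @@ -131 hunk the `tls.Config` carries no `RootCAs`, so as far as the hunk shows a certificate supplied through `certPath` is not applied there, and the new flag becomes the only way to reach a server with a self-signed certificate on Windows. A pool built with `x509.NewCertPool()` and `AppendCertsFromPEM` from the `certPath` file does not depend on `SystemCertPool`; it would trust only that certificate rather than the system roots, so it fits only when `certPath` is set. A short comment on the `InsecureSkipVerify` line, `// true skips both chain and hostname verification`, would also make the negation easier to audit. The part of NewSMTP between this hunk and the @@ -149 hunk is not shown, so the claim about `certPath` is inferred.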
@@ -149,7 +149,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 }
 }
 sender.Client.TLSConfig = &tls.Config{
- InsecureSkipVerify: validateCertificate,
+ InsecureSkipVerify: !validateCertificate,
 ServerName: server,
 RootCAs: rootCAs,
 }
diff --git a/ts/setup.ts b/ts/setup.ts
index 2b241c7..02fb37d 100644
--- a/ts/setup.ts
+++ b/ts/setup.ts
@@ -296,8 +296,7 @@ const settings = {
 "encryption": new Select(get("smtp-encryption")),
 "server": new Input(get("smtp-server")),
 "port": new Input(get("smtp-port")),
- "password": new Input(get("smtp-password")),
- "cert-validation": new Input(get("smtp-cert-validation"))
+ "password": new Input(get("smtp-password"))
 },
 "ombi": {
 "enabled": new Checkbox(get("ombi-enabled"), "", false, "ombi", "enabled"),