Merge from SquaredPotato/smtp-certificate-validation

Adds "Verify certificate" in Settings > SMTP to disable SSL certificate validation, useful for local servers or relays.
2025-01-03 15:00:12 +00:00 · 2021-11-10 19:42:08 +00:00 · 2021-11-10 19:42:08 +00:00 · 2de7182c55
commit 2de7182c55
parent f3e1606440 b7236319ec
3 changed files with 14 additions and 4 deletions
--- a/config.go
+++ b/config.go
@ -72,6 +72,7 @@ func (app *appContext) loadConfig() error {
 	app.MustSetValue("deletion", "email_text", "jfa-go:"+"deleted.txt")

 	app.MustSetValue("smtp", "hello_hostname", "localhost")
+	app.MustSetValue("smtp", "cert_validation", "true")

 	jfUrl := app.config.Section("jellyfin").Key("server").String()
 	if !(strings.HasPrefix(jfUrl, "http://") || strings.HasPrefix(jfUrl, "https://")) {
--- a/config/config-base.json
+++ b/config/config-base.json
@ -552,6 +552,15 @@
                    "type": "text",
                    "value": "",
                    "description": "Use if your SMTP server's SSL Certificate is not trusted by the system."
+                },
+                "cert_validation": {
+                    "name": "Verify certificate",
+                    "required": false,
+                    "requires_restart": false,
+                    "advanced": true,
+                    "type": "bool",
+                    "value": true,
+                    "description": "Warning, disabling this makes you much more vulnerable to man-in-the-middle attacks"
                }
            }
        },
--- a/email.go
+++ b/email.go
@ -84,7 +84,7 @@ func NewEmailer(app *appContext) *Emailer {
 		if username == "" && password != "" {
 			username = emailer.fromAddr
 		}
-		err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String())
+		err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert_validation").MustBool(true))
 		if err != nil {
 			app.err.Printf("Error while initiating SMTP mailer: %v", err)
 		}
@ -110,7 +110,7 @@ type SMTP struct {
 }

 // NewSMTP returns an SMTP emailClient.
-func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string) (err error) {
+func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string, validateCertificate bool) (err error) {
 	sender := &SMTP{}
 	sender.Client = sMail.NewSMTPClient()
 	if sslTLS {
@ -131,7 +131,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 	// x509.SystemCertPool is unavailable on windows
 	if PLATFORM == "windows" {
 		sender.Client.TLSConfig = &tls.Config{
-			InsecureSkipVerify: false,
+			InsecureSkipVerify: !validateCertificate,
 			ServerName:         server,
 		}
 		emailer.sender = sender
@ -149,7 +149,7 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 		}
 	}
 	sender.Client.TLSConfig = &tls.Config{
-		InsecureSkipVerify: false,
+		InsecureSkipVerify: !validateCertificate,
 		ServerName:         server,
 		RootCAs:            rootCAs,
 	}