Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00

Add config to disable system root cert store

Josef Schönberger 2024-02-27 15:42:13 +01:00 committet von Mathijs van Veluw
Ursprung d4e66d38b1
Commit f0366d054f
3 geänderte Dateien mit 9 neuen und 1 gelöschten Zeilen


@ -529,6 +529,9 @@
## Paths to PEM files, separated by semicolons ## Paths to PEM files, separated by semicolons
# SMTP_ADDITIONAL_ROOT_CERTS= # SMTP_ADDITIONAL_ROOT_CERTS=
## Use system root certificate store for TLS host verification
# SMTP_USE_SYSTEM_ROOT_CERTS=true
########################## ##########################
### Rocket settings ### ### Rocket settings ###
########################## ##########################


@ -676,6 +676,8 @@ make_config! {
smtp_accept_invalid_hostnames: bool, true, def, false; smtp_accept_invalid_hostnames: bool, true, def, false;
/// Accept additional root certs |> Paths to PEM files, separated by semicolons /// Accept additional root certs |> Paths to PEM files, separated by semicolons
smtp_additional_root_certs: String, true, option; smtp_additional_root_certs: String, true, option;
/// Use system root certificate store for TLS host verification
smtp_use_system_root_certs: bool, true, def, true;
}, },
/// Email 2FA Settings /// Email 2FA Settings
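Review bot: The doc comment on `smtp_use_system_root_certs` does not say what remains trusted once the option is turned off, and "TLS host verification" reads like hostname checking, which `smtp_accept_invalid_hostnames` just above already covers. Judging by the transport hunk, the option selects the trust anchors for certificate chain validation, so I would say so using the `|>` description form the neighbouring entry uses: `/// Use system root certificate store |> When disabled, only the certificates from SMTP_ADDITIONAL_ROOT_CERTS are trusted for SMTP TLS`. The same wording gap applies to the `SMTP_USE_SYSTEM_ROOT_CERTS` comment in the env template section. The `make_config!` block starts and ends outside this hunk.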


@ -7,7 +7,7 @@ use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
use lettre::{ use lettre::{
message::{Attachment, Body, Mailbox, Message, MultiPart, SinglePart}, message::{Attachment, Body, Mailbox, Message, MultiPart, SinglePart},
transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism}, transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism},
transport::smtp::client::{Certificate, Tls, TlsParameters}, transport::smtp::client::{Certificate, CertificateStore, Tls, TlsParameters},
transport::smtp::extension::ClientId, transport::smtp::extension::ClientId,
Address, AsyncSendmailTransport, AsyncSmtpTransport, AsyncTransport, Tokio1Executor, Address, AsyncSendmailTransport, AsyncSmtpTransport, AsyncTransport, Tokio1Executor,
}; };
@ -67,6 +67,9 @@ fn smtp_transport() -> AsyncSmtpTransport<Tokio1Executor> {
tls_parameters = tls_parameters.add_root_certificate(cert.clone()); tls_parameters = tls_parameters.add_root_certificate(cert.clone());
} }
} }
if !CONFIG.smtp_use_system_root_certs() {
tls_parameters = tls_parameters.certificate_store(CertificateStore::None);
}
let tls_parameters = tls_parameters.build().unwrap(); let tls_parameters = tls_parameters.build().unwrap();
if CONFIG.smtp_security() == *"force_tls" { if CONFIG.smtp_security() == *"force_tls" {
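Review bot: Setting `smtp_use_system_root_certs` to false without any `smtp_additional_root_certs` leaves `tls_parameters` with no trust anchors at all, so every verified SMTP connection would fail at send time with a certificate error and nothing at startup points to the cause. Nothing in the visible hunks rejects or logs that combination; a check where the configuration is validated (not shown on this page) would surface it early, and at this spot a comment would help: `// CertificateStore::None drops the system roots; only the certs added above remain trusted`. It is also worth documenting that restricting the roots has no effect if certificate validation is relaxed by another option, which I presume exists alongside `smtp_accept_invalid_hostnames` but cannot confirm from here. `smtp_transport` starts and ends outside the hunk.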