disable_ssl_verification_ldap.rb
· 334 B · Ruby
Raw
# If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem.
# Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration.
LdapSource.all.each do |l|
l.preferences.merge!("ssl_verify"=>false)
l.save
end;
| 1 | # If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem. |
| 2 | # Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration. |
| 3 | |
| 4 | LdapSource.all.each do |l| |
| 5 | l.preferences.merge!("ssl_verify"=>false) |
| 6 | l.save |
| 7 | end; |
enable_ssl_verification_idoit.rb
· 259 B · Ruby
Raw
# Enable SSL certificate verification for i-doit integration
# (MAY break i-doit functionality if certificates are invalid!)
config = Setting.get('idoit_config')
unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end
| 1 | # Enable SSL certificate verification for i-doit integration |
| 2 | # (MAY break i-doit functionality if certificates are invalid!) |
| 3 | |
| 4 | config = Setting.get('idoit_config') |
| 5 | unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end |
| 6 |
enforce_ssl_verify_true.rb
· 2.0 KiB · Ruby
Raw
# Enables existing Email channels to verify SSL certificates
# (Below command PROBES inbound and outbound and only activates ssl verification if true!)
# Has been enhanced with the help of rolfschmidt
Channel.where(area: 'Email::Account', active: true).all.select do |c|
c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false
end.each do |c|
if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
c.options['inbound']['options']['ssl_verify'] = true
inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"
if inbound_result[:result] == 'ok'
c.options['inbound'][:options][:ssl_verify] = true
c.save!
else
puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
c.reload
end
end
if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
c.options['outbound']['options']['ssl_verify'] = true
outbound_result = EmailHelper::Probe.outbound(
c.options['outbound'],
EmailAddress.where(channel_id: c.id).first.email,
)
puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
if outbound_result[:result] == 'ok'
c.options['outbound'][:options][:ssl_verify] = true
c.save!
else
puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
c.reload
end
end
end; nil
| 1 | # Enables existing Email channels to verify SSL certificates |
| 2 | # (Below command PROBES inbound and outbound and only activates ssl verification if true!) |
| 3 | # Has been enhanced with the help of rolfschmidt |
| 4 | |
| 5 | Channel.where(area: 'Email::Account', active: true).all.select do |c| |
| 6 | c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false |
| 7 | end.each do |c| |
| 8 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false |
| 9 | c.options['inbound']['options']['ssl_verify'] = true |
| 10 | inbound_result = EmailHelper::Probe.inbound(c.options['inbound']) |
| 11 | puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}" |
| 12 | |
| 13 | if inbound_result[:result] == 'ok' |
| 14 | c.options['inbound'][:options][:ssl_verify] = true |
| 15 | c.save! |
| 16 | else |
| 17 | puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}" |
| 18 | c.reload |
| 19 | end |
| 20 | end |
| 21 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false |
| 22 | c.options['outbound']['options']['ssl_verify'] = true |
| 23 | outbound_result = EmailHelper::Probe.outbound( |
| 24 | c.options['outbound'], |
| 25 | EmailAddress.where(channel_id: c.id).first.email, |
| 26 | ) |
| 27 | puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}" |
| 28 | |
| 29 | if outbound_result[:result] == 'ok' |
| 30 | c.options['outbound'][:options][:ssl_verify] = true |
| 31 | c.save! |
| 32 | else |
| 33 | puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}" |
| 34 | c.reload |
| 35 | end |
| 36 | end |
| 37 | end; nil |
| 38 |
optional_enable_es_ssl_verification.rb
· 219 B · Ruby
Raw
# Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
# By default these certificates are self-signed and thus you may not want to run this at all
Setting.set('es_ssl_verify', true)
| 1 | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. |
| 2 | # By default these certificates are self-signed and thus you may not want to run this at all |
| 3 | Setting.set('es_ssl_verify', true) |