
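With Zammad 6.2, existing configurations for Email channels and i-doit have SSL verification disabled by default. While verification is off, these connections accept any certificate the server presents. This code snippet activates SSL verification: for Email channels only where a connection probe with verification enabled succeeds, and for i-doit without a probe. This change ONLY affects existing, updated installations.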

Revision 5c31ce2441924f06d854f747edc007fefc468419

enforce_ssl_verify_true.rb
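# Enables SSL certificate verification on existing Email channels.
# (Each direction is PROBED with ssl_verify = true first; the setting is only
# saved when the probe result is 'ok'!)
# Has been enhanced with the help of rolfschmidt
#
# Channels whose probe fails keep ssl_verify = false, i.e. they keep accepting
# any certificate. Use the DEBUG lines printed below to find them, fix the
# server certificate / trust chain, then run this again.

# Adapters this script touches. %w[] builds an Array, so include? is an exact
# match and a missing adapter (nil) is skipped instead of raising TypeError
# (a bare %[...] literal is a String and does a substring test).
ssl_adapters = %w[imap smtp pop3]

# Prints the failure details returned by a probe.
report_failure = lambda do |result|
  puts " - DEBUG - response: #{result[:message]}; human message: #{result[:message_human]}; possibly invalid fields: #{result[:invalid_field]}"
end

# Only active Email channels that have verification explicitly set to false
# in at least one direction.
unverified_channels = Channel.where(area: 'Email::Account', active: true).select do |c|
  %w[inbound outbound].any? { |direction| c.options.dig(direction, 'options', 'ssl_verify') == false }
end

unverified_channels.each do |c|
  if ssl_adapters.include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
    # In-memory change only, so that the probe runs with verification on.
    c.options['inbound']['options']['ssl_verify'] = true
    inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
    puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"

    if inbound_result[:result] == 'ok'
      # String keys, same as the read path above; does not rely on the
      # options hash accepting symbol keys.
      c.options['inbound']['options']['ssl_verify'] = true
      c.save!
    else
      report_failure.call(inbound_result)
      c.reload # discard the unsaved ssl_verify = true
    end
  end

  # The outbound branch is gated on the OUTBOUND adapter.
  if ssl_adapters.include?(c.options.dig('outbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
    # The outbound probe needs a sender address; a channel without one is
    # reported and skipped instead of aborting the whole run on nil.email.
    sender = EmailAddress.where(channel_id: c.id).first&.email
    if sender.nil?
      puts "OUTBOUND | channel #{c.id} | no email address assigned to this channel, probe skipped, ssl_verify left unchanged"
      next
    end

    c.options['outbound']['options']['ssl_verify'] = true
    outbound_result = EmailHelper::Probe.outbound(c.options['outbound'], sender)
    puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"

    if outbound_result[:result] == 'ok'
      c.options['outbound']['options']['ssl_verify'] = true
      c.save!
    else
      report_failure.call(outbound_result)
      c.reload # discard the unsaved ssl_verify = true
    end
  end
end; nil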
# Turn on SSL certificate verification for the i-doit integration.
# (MAY break i-doit functionality if certificates are invalid!)
# No probe is run before the setting is written, so check the i-doit
# integration afterwards.

idoit_config = Setting.get('idoit_config')
# Nothing is written when no i-doit configuration is stored.
Setting.set('idoit_config', idoit_config.merge('verify_ssl' => true)) if idoit_config.present?
optional_enable_es_ssl_verification.rb
# Optional: Elasticsearch has its own SSL verification setting. This might be
# an edge case.
# Elasticsearch certificates are self-signed by default, so you may not want
# to run this at all. The setting is written without any probe.
# NOTE(review): presumably the Elasticsearch connection fails while its
# certificate is not trusted by Zammad; confirm search still works afterwards.
Setting.set('es_ssl_verify', true)