Last active 1712838313

With Zammad 6.2 existing configurations for Email channels and i-doit by default have ssl verification disabled. This code snippet activates SSL verification. This change ONLY affects existing, update installations.

Revision a717a7c17cfb588692fda32c59c8f09aaefe8e28

disable_ssl_verification_ldap.rb Raw
1# If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem.
2# Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration.
3
4LdapSource.all.each do |l|
5 l.preferences.merge!("ssl_verify"=>false)
6 l.save
7end;
8
enable_ssl_verification_idoit.rb Raw
1# Enable SSL certificate verification for i-doit integration
2# (MAY break i-doit functionality if certificates are invalid!)
3
4config = Setting.get('idoit_config')
5unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end
6
enforce_ssl_verify_true.rb Raw
1# Enables existing Email channels to verify SSL certificates
2# (Below command PROBES inbound and outbound and only activates ssl verification if true!)
3# Has been enhanced with the help of rolfschmidt
4
5Channel.where(area: 'Email::Account', active: true).all.select do |c|
6 c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false
7end.each do |c|
8 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
9 c.options['inbound']['options']['ssl_verify'] = true
10 inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
11 puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"
12
13 if inbound_result[:result] == 'ok'
14 c.options['inbound'][:options][:ssl_verify] = true
15 c.save!
16 else
17 puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
18 c.reload
19 end
20 end
21 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
22 c.options['outbound']['options']['ssl_verify'] = true
23 outbound_result = EmailHelper::Probe.outbound(
24 c.options['outbound'],
25 EmailAddress.where(channel_id: c.id).first.email,
26 )
27 puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
28
29 if outbound_result[:result] == 'ok'
30 c.options['outbound'][:options][:ssl_verify] = true
31 c.save!
32 else
33 puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
34 c.reload
35 end
36 end
37end; nil
38
optional_enable_es_ssl_verification.rb Raw
1# Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
2# By default these certificates are self-signed and thus you may not want to run this at all
3Setting.set('es_ssl_verify', true)
4