enforce_ssl_verify_true.rb
· 2.1 KiB · Ruby
Raw
# Enables existing Email channels to verify SSL certificates
# (Below command PROBES inbound and outbound and only activates ssl verification if true!)
# Has been inhanced with the help of rolfschmidt
Channel.where(area: 'Email::Account', active: true).all.select do |c|
c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false
end.each do |c|
if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
c.options['inbound']['options']['ssl_verify'] = true
inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"
if inbound_result[:result] == 'ok'
c.options['inbound'][:options][:ssl_verify] = true
c.save!
end
end
if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
outbound_result = EmailHelper::Probe.outbound(
c.options['outbound'],
'verify-external-smtp-sending@discard.zammad.org',
'Zammad Probe Outbound',
)
puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
if outbound_result[:result] == 'ok'
c.options['outbound'][:options][:ssl_verify] = true
c.save!
end
end
end; nil
# Enable SSL certificate verification for i-doit integration
# (MAY break i-doit functionality if certificates are invalid!)
config = Setting.get('idoit_config')
unless config.blank? do
Setting.set('idoit_config', config.merge('verify_ssl' => true))
end
# Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
# By default these certificates are self-signed and thus you may not want to run this at all
Setting.set('es_ssl_verify', true)
| 1 | # Enables existing Email channels to verify SSL certificates |
| 2 | # (Below command PROBES inbound and outbound and only activates ssl verification if true!) |
| 3 | # Has been inhanced with the help of rolfschmidt |
| 4 | |
| 5 | Channel.where(area: 'Email::Account', active: true).all.select do |c| |
| 6 | c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false |
| 7 | end.each do |c| |
| 8 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false |
| 9 | c.options['inbound']['options']['ssl_verify'] = true |
| 10 | inbound_result = EmailHelper::Probe.inbound(c.options['inbound']) |
| 11 | puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}" |
| 12 | |
| 13 | if inbound_result[:result] == 'ok' |
| 14 | c.options['inbound'][:options][:ssl_verify] = true |
| 15 | c.save! |
| 16 | end |
| 17 | end |
| 18 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false |
| 19 | outbound_result = EmailHelper::Probe.outbound( |
| 20 | c.options['outbound'], |
| 21 | 'verify-external-smtp-sending@discard.zammad.org', |
| 22 | 'Zammad Probe Outbound', |
| 23 | ) |
| 24 | puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}" |
| 25 | |
| 26 | if outbound_result[:result] == 'ok' |
| 27 | c.options['outbound'][:options][:ssl_verify] = true |
| 28 | c.save! |
| 29 | end |
| 30 | end |
| 31 | end; nil |
| 32 | |
| 33 | # Enable SSL certificate verification for i-doit integration |
| 34 | # (MAY break i-doit functionality if certificates are invalid!) |
| 35 | |
| 36 | config = Setting.get('idoit_config') |
| 37 | unless config.blank? do |
| 38 | Setting.set('idoit_config', config.merge('verify_ssl' => true)) |
| 39 | end |
| 40 | |
| 41 | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. |
| 42 | # By default these certificates are self-signed and thus you may not want to run this at all |
| 43 | Setting.set('es_ssl_verify', true) |