MrGeneration revised this gist . Go to revision
2 files changed, 2 insertions, 2 deletions
disable_ssl_verification_ldap.rb
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | LdapSource.all.each do |l| | |
| 5 | 5 | l.preferences.merge!("ssl_verify"=>false) | |
| 6 | 6 | l.save | |
| 7 | - | end; | |
| 7 | + | end; | |
optional_enable_es_ssl_verification.rb
| @@ -1,3 +1,3 @@ | |||
| 1 | 1 | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 2 | 2 | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 3 | - | Setting.set('es_ssl_verify', true) | |
| 3 | + | Setting.set('es_ssl_verify', true) | |
MrGeneration revised this gist . Go to revision
1 file changed, 7 insertions
disable_ssl_verification_ldap.rb(file created)
| @@ -0,0 +1,7 @@ | |||
| 1 | + | # If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem. | |
| 2 | + | # Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration. | |
| 3 | + | ||
| 4 | + | LdapSource.all.each do |l| | |
| 5 | + | l.preferences.merge!("ssl_verify"=>false) | |
| 6 | + | l.save | |
| 7 | + | end; | |
MrGeneration revised this gist . Go to revision
2 files changed, 5 insertions, 6 deletions
enable_ssl_verification_idoit.rb(file created)
| @@ -0,0 +1,5 @@ | |||
| 1 | + | # Enable SSL certificate verification for i-doit integration | |
| 2 | + | # (MAY break i-doit functionality if certificates are invalid!) | |
| 3 | + | ||
| 4 | + | config = Setting.get('idoit_config') | |
| 5 | + | unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end | |
enforce_ssl_verify_true.rb
| @@ -35,9 +35,3 @@ end.each do |c| | |||
| 35 | 35 | end | |
| 36 | 36 | end | |
| 37 | 37 | end; nil | |
| 38 | - | ||
| 39 | - | # Enable SSL certificate verification for i-doit integration | |
| 40 | - | # (MAY break i-doit functionality if certificates are invalid!) | |
| 41 | - | ||
| 42 | - | config = Setting.get('idoit_config') | |
| 43 | - | unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end | |
MrGeneration revised this gist . Go to revision
1 file changed, 1 insertion, 2 deletions
enforce_ssl_verify_true.rb
| @@ -22,8 +22,7 @@ end.each do |c| | |||
| 22 | 22 | c.options['outbound']['options']['ssl_verify'] = true | |
| 23 | 23 | outbound_result = EmailHelper::Probe.outbound( | |
| 24 | 24 | c.options['outbound'], | |
| 25 | - | 'verify-external-smtp-sending@discard.zammad.org', | |
| 26 | - | 'Zammad Probe Outbound', | |
| 25 | + | EmailAddress.where(channel_id: c.id).first.email, | |
| 27 | 26 | ) | |
| 28 | 27 | puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}" | |
| 29 | 28 | ||
MrGeneration revised this gist . Go to revision
1 file changed, 3 insertions
enforce_ssl_verify_true.rb
| @@ -15,9 +15,11 @@ end.each do |c| | |||
| 15 | 15 | c.save! | |
| 16 | 16 | else | |
| 17 | 17 | puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}" | |
| 18 | + | c.reload | |
| 18 | 19 | end | |
| 19 | 20 | end | |
| 20 | 21 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| 22 | + | c.options['outbound']['options']['ssl_verify'] = true | |
| 21 | 23 | outbound_result = EmailHelper::Probe.outbound( | |
| 22 | 24 | c.options['outbound'], | |
| 23 | 25 | 'verify-external-smtp-sending@discard.zammad.org', | |
| @@ -30,6 +32,7 @@ end.each do |c| | |||
| 30 | 32 | c.save! | |
| 31 | 33 | else | |
| 32 | 34 | puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}" | |
| 35 | + | c.reload | |
| 33 | 36 | end | |
| 34 | 37 | end | |
| 35 | 38 | end; nil | |
MrGeneration revised this gist . Go to revision
1 file changed, 4 insertions
enforce_ssl_verify_true.rb
| @@ -13,6 +13,8 @@ end.each do |c| | |||
| 13 | 13 | if inbound_result[:result] == 'ok' | |
| 14 | 14 | c.options['inbound'][:options][:ssl_verify] = true | |
| 15 | 15 | c.save! | |
| 16 | + | else | |
| 17 | + | puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}" | |
| 16 | 18 | end | |
| 17 | 19 | end | |
| 18 | 20 | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| @@ -26,6 +28,8 @@ end.each do |c| | |||
| 26 | 28 | if outbound_result[:result] == 'ok' | |
| 27 | 29 | c.options['outbound'][:options][:ssl_verify] = true | |
| 28 | 30 | c.save! | |
| 31 | + | else | |
| 32 | + | puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}" | |
| 29 | 33 | end | |
| 30 | 34 | end | |
| 31 | 35 | end; nil | |
MrGeneration revised this gist . Go to revision
1 file changed, 1 insertion, 1 deletion
enforce_ssl_verify_true.rb
| @@ -1,6 +1,6 @@ | |||
| 1 | 1 | # Enables existing Email channels to verify SSL certificates | |
| 2 | 2 | # (Below command PROBES inbound and outbound and only activates ssl verification if true!) | |
| 3 | - | # Has been inhanced with the help of rolfschmidt | |
| 3 | + | # Has been enhanced with the help of rolfschmidt | |
| 4 | 4 | ||
| 5 | 5 | Channel.where(area: 'Email::Account', active: true).all.select do |c| | |
| 6 | 6 | c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false | |
MrGeneration revised this gist . Go to revision
1 file changed, 1 insertion, 3 deletions
enforce_ssl_verify_true.rb
| @@ -34,6 +34,4 @@ end; nil | |||
| 34 | 34 | # (MAY break i-doit functionality if certificates are invalid!) | |
| 35 | 35 | ||
| 36 | 36 | config = Setting.get('idoit_config') | |
| 37 | - | unless config.blank? do | |
| 38 | - | Setting.set('idoit_config', config.merge('verify_ssl' => true)) | |
| 39 | - | end | |
| 37 | + | unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end | |
MrGeneration revised this gist . Go to revision
2 files changed, 3 insertions, 4 deletions
enforce_ssl_verify_true.rb
| @@ -37,7 +37,3 @@ config = Setting.get('idoit_config') | |||
| 37 | 37 | unless config.blank? do | |
| 38 | 38 | Setting.set('idoit_config', config.merge('verify_ssl' => true)) | |
| 39 | 39 | end | |
| 40 | - | ||
| 41 | - | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 42 | - | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 43 | - | Setting.set('es_ssl_verify', true) | |
optional_enable_es_ssl_verification.rb(file created)
| @@ -0,0 +1,3 @@ | |||
| 1 | + | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 2 | + | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 3 | + | Setting.set('es_ssl_verify', true) | |
MrGeneration revised this gist . Go to revision
1 file changed, 26 insertions, 10 deletions
enforce_ssl_verify_true.rb
| @@ -1,18 +1,34 @@ | |||
| 1 | 1 | # Enables existing Email channels to verify SSL certificates | |
| 2 | - | # (MAY break Email communication if certificates are invalid!) | |
| 2 | + | # (Below command PROBES inbound and outbound and only activates ssl verification if true!) | |
| 3 | + | # Has been inhanced with the help of rolfschmidt | |
| 3 | 4 | ||
| 4 | - | Channel | |
| 5 | - | .where(area: 'Email::Account Email::Notification') | |
| 6 | - | .each do |channel| | |
| 7 | - | ['inbound', 'outbound'].each do |dir| | |
| 8 | - | next if ['pop3', 'imap', 'smtp'].exclude?(channel.options.dig(dir, :adapter)) | |
| 9 | - | next if !channel.options[dir].key? :options | |
| 5 | + | Channel.where(area: 'Email::Account', active: true).all.select do |c| | |
| 6 | + | c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| 7 | + | end.each do |c| | |
| 8 | + | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false | |
| 9 | + | c.options['inbound']['options']['ssl_verify'] = true | |
| 10 | + | inbound_result = EmailHelper::Probe.inbound(c.options['inbound']) | |
| 11 | + | puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}" | |
| 10 | 12 | ||
| 11 | - | channel.options[dir][:options][:ssl_verify] = true | |
| 13 | + | if inbound_result[:result] == 'ok' | |
| 14 | + | c.options['inbound'][:options][:ssl_verify] = true | |
| 15 | + | c.save! | |
| 12 | 16 | end | |
| 13 | - | channel.save! | |
| 14 | 17 | end | |
| 15 | - | end | |
| 18 | + | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| 19 | + | outbound_result = EmailHelper::Probe.outbound( | |
| 20 | + | c.options['outbound'], | |
| 21 | + | 'verify-external-smtp-sending@discard.zammad.org', | |
| 22 | + | 'Zammad Probe Outbound', | |
| 23 | + | ) | |
| 24 | + | puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}" | |
| 25 | + | ||
| 26 | + | if outbound_result[:result] == 'ok' | |
| 27 | + | c.options['outbound'][:options][:ssl_verify] = true | |
| 28 | + | c.save! | |
| 29 | + | end | |
| 30 | + | end | |
| 31 | + | end; nil | |
| 16 | 32 | ||
| 17 | 33 | # Enable SSL certificate verification for i-doit integration | |
| 18 | 34 | # (MAY break i-doit functionality if certificates are invalid!) | |