Like 0
Fork 0

Last active 2 years ago

With Zammad 6.2 existing configurations for Email channels and i-doit by default have ssl verification disabled. This code snippet activates SSL verification. This change ONLY affects existing, update installations.

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

2 files changed, 2 insertions, 2 deletions

disable_ssl_verification_ldap.rb

@@ -4,4 +4,4 @@
4 4 LdapSource.all.each do |l|
5 5 l.preferences.merge!("ssl_verify"=>false)
6 6 l.save
7 - end;
7 + end;

optional_enable_es_ssl_verification.rb

@@ -1,3 +1,3 @@
1 1 # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
2 2 # By default these certificates are self-signed and thus you may not want to run this at all
3 - Setting.set('es_ssl_verify', true)
3 + Setting.set('es_ssl_verify', true)

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 7 insertions

disable_ssl_verification_ldap.rb(file created)

@@ -0,0 +1,7 @@
1 + # If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem.
2 + # Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration.
3 +
4 + LdapSource.all.each do |l|
5 + l.preferences.merge!("ssl_verify"=>false)
6 + l.save
7 + end;

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

2 files changed, 5 insertions, 6 deletions

enable_ssl_verification_idoit.rb(file created)

@@ -0,0 +1,5 @@
1 + # Enable SSL certificate verification for i-doit integration
2 + # (MAY break i-doit functionality if certificates are invalid!)
3 +
4 + config = Setting.get('idoit_config')
5 + unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end

enforce_ssl_verify_true.rb

@@ -35,9 +35,3 @@ end.each do |c|
35 35 end
36 36 end
37 37 end; nil
38 -
39 - # Enable SSL certificate verification for i-doit integration
40 - # (MAY break i-doit functionality if certificates are invalid!)
41 -
42 - config = Setting.get('idoit_config')
43 - unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 1 insertion, 2 deletions

enforce_ssl_verify_true.rb

@@ -22,8 +22,7 @@ end.each do |c|
22 22 c.options['outbound']['options']['ssl_verify'] = true
23 23 outbound_result = EmailHelper::Probe.outbound(
24 24 c.options['outbound'],
25 - 'verify-external-smtp-sending@discard.zammad.org',
26 - 'Zammad Probe Outbound',
25 + EmailAddress.where(channel_id: c.id).first.email,
27 26 )
28 27 puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
29 28

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 3 insertions

enforce_ssl_verify_true.rb

@@ -15,9 +15,11 @@ end.each do |c|
15 15 c.save!
16 16 else
17 17 puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
18 + c.reload
18 19 end
19 20 end
20 21 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
22 + c.options['outbound']['options']['ssl_verify'] = true
21 23 outbound_result = EmailHelper::Probe.outbound(
22 24 c.options['outbound'],
23 25 'verify-external-smtp-sending@discard.zammad.org',
@@ -30,6 +32,7 @@ end.each do |c|
30 32 c.save!
31 33 else
32 34 puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
35 + c.reload
33 36 end
34 37 end
35 38 end; nil

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 4 insertions

enforce_ssl_verify_true.rb

@@ -13,6 +13,8 @@ end.each do |c|
13 13 if inbound_result[:result] == 'ok'
14 14 c.options['inbound'][:options][:ssl_verify] = true
15 15 c.save!
16 + else
17 + puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
16 18 end
17 19 end
18 20 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
@@ -26,6 +28,8 @@ end.each do |c|
26 28 if outbound_result[:result] == 'ok'
27 29 c.options['outbound'][:options][:ssl_verify] = true
28 30 c.save!
31 + else
32 + puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
29 33 end
30 34 end
31 35 end; nil

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 1 insertion, 1 deletion

enforce_ssl_verify_true.rb

@@ -1,6 +1,6 @@
1 1 # Enables existing Email channels to verify SSL certificates
2 2 # (Below command PROBES inbound and outbound and only activates ssl verification if true!)
3 - # Has been inhanced with the help of rolfschmidt
3 + # Has been enhanced with the help of rolfschmidt
4 4
5 5 Channel.where(area: 'Email::Account', active: true).all.select do |c|
6 6 c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 1 insertion, 3 deletions

enforce_ssl_verify_true.rb

@@ -34,6 +34,4 @@ end; nil
34 34 # (MAY break i-doit functionality if certificates are invalid!)
35 35
36 36 config = Setting.get('idoit_config')
37 - unless config.blank? do
38 - Setting.set('idoit_config', config.merge('verify_ssl' => true))
39 - end
37 + unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

2 files changed, 3 insertions, 4 deletions

enforce_ssl_verify_true.rb

@@ -37,7 +37,3 @@ config = Setting.get('idoit_config')
37 37 unless config.blank? do
38 38 Setting.set('idoit_config', config.merge('verify_ssl' => true))
39 39 end
40 -
41 - # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
42 - # By default these certificates are self-signed and thus you may not want to run this at all
43 - Setting.set('es_ssl_verify', true)

optional_enable_es_ssl_verification.rb(file created)

@@ -0,0 +1,3 @@
1 + # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
2 + # By default these certificates are self-signed and thus you may not want to run this at all
3 + Setting.set('es_ssl_verify', true)

MrGeneration's Avatar MrGeneration revised this gist 2 years ago. Go to revision

1 file changed, 26 insertions, 10 deletions

enforce_ssl_verify_true.rb

@@ -1,18 +1,34 @@
1 1 # Enables existing Email channels to verify SSL certificates
2 - # (MAY break Email communication if certificates are invalid!)
2 + # (Below command PROBES inbound and outbound and only activates ssl verification if true!)
3 + # Has been inhanced with the help of rolfschmidt
3 4
4 - Channel
5 - .where(area: 'Email::Account Email::Notification')
6 - .each do |channel|
7 - ['inbound', 'outbound'].each do |dir|
8 - next if ['pop3', 'imap', 'smtp'].exclude?(channel.options.dig(dir, :adapter))
9 - next if !channel.options[dir].key? :options
5 + Channel.where(area: 'Email::Account', active: true).all.select do |c|
6 + c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false
7 + end.each do |c|
8 + if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
9 + c.options['inbound']['options']['ssl_verify'] = true
10 + inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
11 + puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"
10 12
11 - channel.options[dir][:options][:ssl_verify] = true
13 + if inbound_result[:result] == 'ok'
14 + c.options['inbound'][:options][:ssl_verify] = true
15 + c.save!
12 16 end
13 - channel.save!
14 17 end
15 - end
18 + if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
19 + outbound_result = EmailHelper::Probe.outbound(
20 + c.options['outbound'],
21 + 'verify-external-smtp-sending@discard.zammad.org',
22 + 'Zammad Probe Outbound',
23 + )
24 + puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
25 +
26 + if outbound_result[:result] == 'ok'
27 + c.options['outbound'][:options][:ssl_verify] = true
28 + c.save!
29 + end
30 + end
31 + end; nil
16 32
17 33 # Enable SSL certificate verification for i-doit integration
18 34 # (MAY break i-doit functionality if certificates are invalid!)
Newer Older

Powered by Opengist Load: 11ms

English
ImprintData PrivacyBuy Me A Coffee