Zuletzt aktiv 1712838313

With Zammad 6.2, existing configurations for Email channels and i-doit have SSL verification disabled by default. This code snippet activates SSL verification. This change ONLY affects existing, updated installations.

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1712838313. Zu Änderung gehen

2 files changed, 2 insertions, 2 deletions

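--- a/disable_ssl_verification_ldap.rb
+++ b/disable_ssl_verification_ldap.rb
@@ -4,4 +4,4 @@
 LdapSource.all.each do |l|
 l.preferences.merge!("ssl_verify"=>false)
 l.save
-end;
+end;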

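--- a/optional_enable_es_ssl_verification.rb
+++ b/optional_enable_es_ssl_verification.rb
@@ -1,3 +1,3 @@
 # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
 # By default these certificates are self-signed and thus you may not want to run this at all
-Setting.set('es_ssl_verify', true)
+Setting.set('es_ssl_verify', true)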

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1707292431. Zu Änderung gehen

1 file changed, 7 insertions

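--- a/disable_ssl_verification_ldap.rb
+++ b/disable_ssl_verification_ldap.rb
@@ -0,0 +1,7 @@
+# If you've configured "SSL-Verification: true" on previous Zammad-Versions, this setting is going to be a problem.
+# Below turns off SSL verification for all LDAP-Sources. You then can login again and have the time needed to fix the configuration.
+
+LdapSource.all.each do |l|
+l.preferences.merge!("ssl_verify"=>false)
+l.save
+end;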
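Review bot: The loop turns certificate verification off for every LDAP source and keeps no record of which ones had it on, so the temporary workaround the header comment describes has no defined way back; while `ssl_verify` is false the LDAP connection is not protected against an impersonated server. Printing each source before the merge, e.g. `puts "LDAP source #{l.id}: ssl_verify was #{l.preferences['ssl_verify'].inspect}"`, would give the operator a list to restore from. `l.save` also returns false silently when validation fails; `l.save!` would surface that. The header comment could add that verification should be switched back on once the certificate configuration is fixed.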

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1702298479. Zu Änderung gehen

2 files changed, 5 insertions, 6 deletions

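--- a/enable_ssl_verification_idoit.rb
+++ b/enable_ssl_verification_idoit.rb
@@ -0,0 +1,5 @@
+# Enable SSL certificate verification for i-doit integration
+# (MAY break i-doit functionality if certificates are invalid!)
+
+config = Setting.get('idoit_config')
+unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end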
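Review bot: The one-line `unless config.blank? ; then … end` on line 5 is hard to read and easy to break when edited; the modifier form `Setting.set('idoit_config', config.merge('verify_ssl' => true)) if config.present?` states the same thing. The same line first appears in the older enforce_ssl_verify_true.rb revision further down this page. The merge uses a string key, which assumes the stored hash is keyed by strings or accepts both key styles; that is not visible here.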

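--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -35,9 +35,3 @@ end.each do |c|
 end
 end
 end; nil
-
-# Enable SSL certificate verification for i-doit integration
-# (MAY break i-doit functionality if certificates are invalid!)
-
-config = Setting.get('idoit_config')
-unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end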

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1702298358. Zu Änderung gehen

1 file changed, 1 insertion, 2 deletions

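--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -22,8 +22,7 @@ end.each do |c|
 c.options['outbound']['options']['ssl_verify'] = true
 outbound_result = EmailHelper::Probe.outbound(
 c.options['outbound'],
-'verify-external-smtp-sending@discard.zammad.org',
-'Zammad Probe Outbound',
+EmailAddress.where(channel_id: c.id).first.email,
 )
 puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
 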
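Review bot: `EmailAddress.where(channel_id: c.id).first.email` on new line 25 raises NoMethodError when a channel has no email address record, and since no rescue is visible in the loop on this page, that would stop the run before the remaining channels are probed. Looking the address up first avoids this: `probe_address = EmailAddress.where(channel_id: c.id).first&.email`, followed by a guard that calls `c.reload` and moves on when `probe_address.blank?`. The call also drops the former third argument, which assumes the subject parameter of `EmailHelper::Probe.outbound` is optional; its signature is not shown here. The enclosing `each` block starts and ends outside the hunk.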

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1702297860. Zu Änderung gehen

1 file changed, 3 insertions

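--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -15,9 +15,11 @@ end.each do |c|
 c.save!
 else
 puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
+c.reload
 end
 end
 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
+c.options['outbound']['options']['ssl_verify'] = true
 outbound_result = EmailHelper::Probe.outbound(
 c.options['outbound'],
 'verify-external-smtp-sending@discard.zammad.org',
@@ -30,6 +32,7 @@ end.each do |c|
 c.save!
 else
 puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
+c.reload
 end
 end
 end; nil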
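Review bot: New line 22 writes the flag through string keys (`['options']['ssl_verify']`), while the success branch between the two hunks, visible in the older revisions on this page, writes `[:options][:ssl_verify]`. If `c.options` treats both key styles alike, the later assignment is now redundant; if it does not, the two lines touch different entries. Using one key style throughout and dropping the second assignment would make the intent clear. The `each` block starts outside the first hunk.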

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1701906922. Zu Änderung gehen

1 file changed, 4 insertions

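--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -13,6 +13,8 @@ end.each do |c|
 if inbound_result[:result] == 'ok'
 c.options['inbound'][:options][:ssl_verify] = true
 c.save!
+else
+puts " - DEBUG - response: #{inbound_result[:message]}; human message: #{inbound_result[:message_human]}; possibly invalid fields: #{inbound_result[:invalid_field]}"
 end
 end
 if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
@@ -26,6 +28,8 @@ end.each do |c|
 if outbound_result[:result] == 'ok'
 c.options['outbound'][:options][:ssl_verify] = true
 c.save!
+else
+puts " - DEBUG - response: #{outbound_result[:message]}; human message: #{outbound_result[:message_human]}; possibly invalid fields: #{outbound_result[:invalid_field]}"
 end
 end
 end; nil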

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1701789082. Zu Änderung gehen

1 file changed, 1 insertion, 1 deletion

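--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -1,6 +1,6 @@
 # Enables existing Email channels to verify SSL certificates
 # (Below command PROBES inbound and outbound and only activates ssl verification if true!)
-# Has been inhanced with the help of rolfschmidt
+# Has been enhanced with the help of rolfschmidt
 
 Channel.where(area: 'Email::Account', active: true).all.select do |c|
 c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false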

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1701786731. Zu Änderung gehen

1 file changed, 1 insertion, 3 deletions

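--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -34,6 +34,4 @@ end; nil
 # (MAY break i-doit functionality if certificates are invalid!)
 
 config = Setting.get('idoit_config')
-unless config.blank? do
-Setting.set('idoit_config', config.merge('verify_ssl' => true))
-end
+unless config.blank? ; then Setting.set('idoit_config', config.merge('verify_ssl' => true)) end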

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1701786570. Zu Änderung gehen

2 files changed, 3 insertions, 4 deletions

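--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -37,7 +37,3 @@ config = Setting.get('idoit_config')
 unless config.blank? do
 Setting.set('idoit_config', config.merge('verify_ssl' => true))
 end
-
-# Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
-# By default these certificates are self-signed and thus you may not want to run this at all
-Setting.set('es_ssl_verify', true)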

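--- a/optional_enable_es_ssl_verification.rb
+++ b/optional_enable_es_ssl_verification.rb
@@ -0,0 +1,3 @@
+# Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case.
+# By default these certificates are self-signed and thus you may not want to run this at all
+Setting.set('es_ssl_verify', true)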
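Review bot: The two comment lines say when not to run this, but not how to undo it or what the alternative is. A third comment line such as `# Revert with Setting.set('es_ssl_verify', false) if the search index becomes unreachable` would help an operator who runs it against a self-signed setup. The note about self-signed certificates could also mention that trusting the issuing CA on the Zammad host is the alternative to leaving verification off.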

MrGeneration's Avatar MrGeneration hat die Gist bearbeitet 1701786533. Zu Änderung gehen

1 file changed, 26 insertions, 10 deletions

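--- a/enforce_ssl_verify_true.rb
+++ b/enforce_ssl_verify_true.rb
@@ -1,18 +1,34 @@
 # Enables existing Email channels to verify SSL certificates
-# (MAY break Email communication if certificates are invalid!)
+# (Below command PROBES inbound and outbound and only activates ssl verification if true!)
+# Has been inhanced with the help of rolfschmidt
 
-Channel
-.where(area: 'Email::Account Email::Notification')
-.each do |channel|
-['inbound', 'outbound'].each do |dir|
-next if ['pop3', 'imap', 'smtp'].exclude?(channel.options.dig(dir, :adapter))
-next if !channel.options[dir].key? :options
+Channel.where(area: 'Email::Account', active: true).all.select do |c|
+c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false
+end.each do |c|
+if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false
+c.options['inbound']['options']['ssl_verify'] = true
+inbound_result = EmailHelper::Probe.inbound(c.options['inbound'])
+puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}"
 
-channel.options[dir][:options][:ssl_verify] = true
+if inbound_result[:result] == 'ok'
+c.options['inbound'][:options][:ssl_verify] = true
+c.save!
 end
-channel.save!
 end
-end
+if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false
+outbound_result = EmailHelper::Probe.outbound(
+c.options['outbound'],
+'verify-external-smtp-sending@discard.zammad.org',
+'Zammad Probe Outbound',
+)
+puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}"
+
+if outbound_result[:result] == 'ok'
+c.options['outbound'][:options][:ssl_verify] = true
+c.save!
+end
+end
+end; nil
 
 # Enable SSL certificate verification for i-doit integration
 # (MAY break i-doit functionality if certificates are invalid!)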
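Review bot: `%[imap smtp pop3]` on new lines 8 and 18 is a string literal, not a word array, so `include?` does a substring test and raises TypeError when the adapter is nil; `%w[imap smtp pop3]` is presumably what was meant. The outbound guard on line 18 also tests `c.options.dig('inbound', 'adapter')` where `'outbound'` looks intended. Both lines are carried unchanged through the newer revisions higher up this page. Suggested guard for line 18: `if %w[imap smtp pop3].include?(c.options.dig('outbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false`.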