MrGeneration revised this gist 2 years ago. Go to revision
2 files changed, 3 insertions, 4 deletions
enforce_ssl_verify_true.rb
| @@ -37,7 +37,3 @@ config = Setting.get('idoit_config') | |||
| 37 | 37 | unless config.blank? do | |
| 38 | 38 | Setting.set('idoit_config', config.merge('verify_ssl' => true)) | |
| 39 | 39 | end | |
| 40 | - | ||
| 41 | - | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 42 | - | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 43 | - | Setting.set('es_ssl_verify', true) | |
optional_enable_es_ssl_verification.rb(file created)
| @@ -0,0 +1,3 @@ | |||
| 1 | + | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 2 | + | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 3 | + | Setting.set('es_ssl_verify', true) | |
MrGeneration revised this gist 2 years ago. Go to revision
1 file changed, 26 insertions, 10 deletions
enforce_ssl_verify_true.rb
| @@ -1,18 +1,34 @@ | |||
| 1 | 1 | # Enables existing Email channels to verify SSL certificates | |
| 2 | - | # (MAY break Email communication if certificates are invalid!) | |
| 2 | + | # (Below command PROBES inbound and outbound and only activates ssl verification if true!) | |
| 3 | + | # Has been inhanced with the help of rolfschmidt | |
| 3 | 4 | ||
| 4 | - | Channel | |
| 5 | - | .where(area: 'Email::Account Email::Notification') | |
| 6 | - | .each do |channel| | |
| 7 | - | ['inbound', 'outbound'].each do |dir| | |
| 8 | - | next if ['pop3', 'imap', 'smtp'].exclude?(channel.options.dig(dir, :adapter)) | |
| 9 | - | next if !channel.options[dir].key? :options | |
| 5 | + | Channel.where(area: 'Email::Account', active: true).all.select do |c| | |
| 6 | + | c.options.dig('inbound', 'options', 'ssl_verify') == false || c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| 7 | + | end.each do |c| | |
| 8 | + | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('inbound', 'options', 'ssl_verify') == false | |
| 9 | + | c.options['inbound']['options']['ssl_verify'] = true | |
| 10 | + | inbound_result = EmailHelper::Probe.inbound(c.options['inbound']) | |
| 11 | + | puts "INBOUND | channel #{c.id} (#{c.options.dig('inbound', 'options', 'host')}, #{c.options.dig('inbound', 'options', 'user')}) | try SSL verify true, RESULT: #{inbound_result[:result]}" | |
| 10 | 12 | ||
| 11 | - | channel.options[dir][:options][:ssl_verify] = true | |
| 13 | + | if inbound_result[:result] == 'ok' | |
| 14 | + | c.options['inbound'][:options][:ssl_verify] = true | |
| 15 | + | c.save! | |
| 12 | 16 | end | |
| 13 | - | channel.save! | |
| 14 | 17 | end | |
| 15 | - | end | |
| 18 | + | if %[imap smtp pop3].include?(c.options.dig('inbound', 'adapter')) && c.options.dig('outbound', 'options', 'ssl_verify') == false | |
| 19 | + | outbound_result = EmailHelper::Probe.outbound( | |
| 20 | + | c.options['outbound'], | |
| 21 | + | 'verify-external-smtp-sending@discard.zammad.org', | |
| 22 | + | 'Zammad Probe Outbound', | |
| 23 | + | ) | |
| 24 | + | puts "OUTBOUND | channel #{c.id} (#{c.options.dig('outbound', 'options', 'host')}, #{c.options.dig('outbound', 'options', 'user')}) | try SSL verify true, RESULT: #{outbound_result[:result]}" | |
| 25 | + | ||
| 26 | + | if outbound_result[:result] == 'ok' | |
| 27 | + | c.options['outbound'][:options][:ssl_verify] = true | |
| 28 | + | c.save! | |
| 29 | + | end | |
| 30 | + | end | |
| 31 | + | end; nil | |
| 16 | 32 | ||
| 17 | 33 | # Enable SSL certificate verification for i-doit integration | |
| 18 | 34 | # (MAY break i-doit functionality if certificates are invalid!) | |
MrGeneration revised this gist 2 years ago. Go to revision
No changes
MrGeneration revised this gist 2 years ago. Go to revision
1 file changed, 27 insertions, 1 deletion
enforce_ssl_verify_true.rb
| @@ -1 +1,27 @@ | |||
| 1 | - | x | |
| 1 | + | # Enables existing Email channels to verify SSL certificates | |
| 2 | + | # (MAY break Email communication if certificates are invalid!) | |
| 3 | + | ||
| 4 | + | Channel | |
| 5 | + | .where(area: 'Email::Account Email::Notification') | |
| 6 | + | .each do |channel| | |
| 7 | + | ['inbound', 'outbound'].each do |dir| | |
| 8 | + | next if ['pop3', 'imap', 'smtp'].exclude?(channel.options.dig(dir, :adapter)) | |
| 9 | + | next if !channel.options[dir].key? :options | |
| 10 | + | ||
| 11 | + | channel.options[dir][:options][:ssl_verify] = true | |
| 12 | + | end | |
| 13 | + | channel.save! | |
| 14 | + | end | |
| 15 | + | end | |
| 16 | + | ||
| 17 | + | # Enable SSL certificate verification for i-doit integration | |
| 18 | + | # (MAY break i-doit functionality if certificates are invalid!) | |
| 19 | + | ||
| 20 | + | config = Setting.get('idoit_config') | |
| 21 | + | unless config.blank? do | |
| 22 | + | Setting.set('idoit_config', config.merge('verify_ssl' => true)) | |
| 23 | + | end | |
| 24 | + | ||
| 25 | + | # Side note: Elasticsearch has an option to verify SSL as well. This might be an edge case. | |
| 26 | + | # By default these certificates are self-signed and thus you may not want to run this at all | |
| 27 | + | Setting.set('es_ssl_verify', true) | |
MrGeneration revised this gist 2 years ago. Go to revision
1 file changed, 1 insertion
enforce_ssl_verify_true.rb(file created)
| @@ -0,0 +1 @@ | |||
| 1 | + | x | |