EMail: Ignore TLS error doesn't suppress selfsigned cert errors

[otbutz]

⚠️ Please verify that this bug has NOT been raised before.

• I checked and didn't find similar issue

🛡️ Security Policy

• I agree to have read this project Security Policy

Description

The flag Ignore TLS error doesn't suppress errors generated by selfsigned certificates:

👟 Reproduction steps

1. Create a new notification of type EMail (SMTP)
2. Chose an SMTP server which uses encryption with a selfsigned certificate
3. Select TLS security
4. Select Ignore TLS error
5. Hit Test

👀 Expected behavior

The TLS error should be ignored.

😓 Actual Behavior

self signed certificate in certificate chain

🐻 Uptime-Kuma Version

1.21.1

💻 Operating System and Arch

Ubuntu 22.04

🌐 Browser

Firefox

🐋 Docker Version

No response

🟩 NodeJS Version

No response

📝 Relevant log output

Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1539:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:953:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:734:12) {
  code: 'ESOCKET',
  command: 'CONN'
}

[whysi]

I've had a similar error recently, on the same version of Uptime-Kuma (1.21.1 on Alpine)

I wanted to use the internal SMTP relay server to send email notifications.
I've configured the security as "None/STARTTLS (25/587)" since the SMTP relay accepts anonymous SMTP connections on port 25 from the IP address of Uptime-Kuma (I've tested this beforehand with other tools and it worked).
I selected "Ignore TLS Error" since I wanted to use port 25 withous TLS termination but I was getting this error ("unable to get local issuer certificate"):

The thing that fixed it for me was to remove the options to "Ignore TLS Error", this way the test worked fine and I received the message:

It seems that with that configuration selected it switched automatically on port 587 with TLS, without it is used port 25 and None. This is not so clear in the web UI or in the docs.
I'm not very good at coding but reading the source code I think that I found confirmation of this thesis here:

uptime-kuma/server/notification-providers/smtp.js

Lines 11 to 18 in f8f19d8

	const config = {
	host: notification.smtpHost,
	port: notification.smtpPort,
	secure: notification.smtpSecure,
	tls: {
	rejectUnauthorized: notification.smtpIgnoreTLSError || false,
	}
	};

In particular line 16, where notification.smtpIgnoreTLSError can be set with that checkbox "Ignore TLS Error" in the notification setup.

I know that this is not the same situation for the bug that @otbutz had, but It's the only similar result that I found on the github issues. If needed I can open another issue to keep track also of this behaviour, I think that changing a bit the UI to explain better how to use the security as "None" on port 25 could be useful for other users.

Thanks.

[federicotravaini]

I fixed this adding NODE_TLS_REJECT_UNAUTHORIZED=0 as env in the docker compose

This was very helpful ##602