I'm trying to verify the server certificate using the CA certs in /etc/ssl/certs on my machine.
If I use openssl directly I would do that by setting the ca_path on the context instance for a socket, e.g.
context = OpenSSL::SSL::SSLContext.new
context.ca_path = '/etc/ssl/certs'
context.verify_mode = OpenSSL::SSL::VERIFY_PEER
I can't seem to find a way to pass the ca_path through the Mail::SMTP options and I note through much Googling that the majority of people using ActionMailer and Mail are simply setting openssl_verify_mode = none which is not ideal.
Is there a way to set the ca_path or even a ca_file without any code change?
If not, would it make sense to replace the openssl_verify_mode option with a more generic openssl_context option through which one can pass an instance of OpenSSL::SSL::SSLContext, thus allowing any/all of the context options to be set outside of Mail::SMTP?
I'd be happy to have a go at implementing this, just wanted to make sure it's the best approach first.
One of our users is also having difficulties due to this issue (comment on google group).
OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
app/models/polymorphic/comment.rb:63:in `block in notify_subscribers'
It would be great if the SSL context could be configured via settings.
Closed by #399