E-Mail: Automatically set 'allow_self_signed=true' for 'mail_smtphost = localhost' #41935

Cybso · 2023-11-30T11:53:42Z

The newer versions of Nextcloud use StartTLS per default, resulting in many bug reports when used with self-signed certificates:

#37329
#37694
#38957
#39452
#39538
#40073

There is a workaround to allow self signed certificates by manually editing config.php:

  "mail_smtpstreamoptions" => array(
    'ssl' => array(
        'allow_self_signed' => true,
        'verify_peer' => false,
        'verify_peer_name' => false
    )   
  ),

But since many users will stumble across this problem let me suggest a small change:

If "mail_smtphost" is set to "localhost" or "127.0.0.1" and the above parameters are not explicitly configured, then assume that the user wants to accept unverified self-signed certificates by default - or do not use StartTLS at all for local connections.

The text was updated successfully, but these errors were encountered:

Cybso · 2023-11-30T12:04:38Z

I have written a short POC patch, works perfectly for me:

nextcloud-41935-poc.patch.txt

Cybso added enhancement 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Nov 30, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

E-Mail: Automatically set 'allow_self_signed=true' for 'mail_smtphost = localhost' #41935

E-Mail: Automatically set 'allow_self_signed=true' for 'mail_smtphost = localhost' #41935

Cybso commented Nov 30, 2023 •

edited

Cybso commented Nov 30, 2023

E-Mail: Automatically set 'allow_self_signed=true' for 'mail_smtphost = localhost' #41935

E-Mail: Automatically set 'allow_self_signed=true' for 'mail_smtphost = localhost' #41935

Comments

Cybso commented Nov 30, 2023 • edited

Cybso commented Nov 30, 2023

Cybso commented Nov 30, 2023 •

edited