Describe the bug
EMAIL_TLS_REJECT_UNAUTHORIZED does not work as documented for SMTP magic-link login.
According to the docs and the PR that introduced it, setting EMAIL_TLS_REJECT_UNAUTHORIZED=0 should disable TLS
certificate validation for SMTP relays using self-signed certificates (for example ProtonMail Bridge).
In practice, SplitPro still fails with self-signed certificate, because the env var is parsed with
Boolean(process.env.EMAIL_TLS_REJECT_UNAUTHORIZED), which evaluates "0" and "false" to true.
So it appears impossible to set tls.rejectUnauthorized to false via environment variables.
To Reproduce
Steps to reproduce the behavior:
- Deploy SplitPro with SMTP login enabled
- Use an SMTP relay with a self-signed certificate (for example ProtonMail Bridge)
- Set
EMAIL_TLS_REJECT_UNAUTHORIZED=0
- Try to log in with the email magic link
- See the login email fail to send with
self-signed certificate
Expected behavior
When EMAIL_TLS_REJECT_UNAUTHORIZED=0 is set, SplitPro should configure Nodemailer with tls.rejectUnauthorized = false and successfully send the magic-link email through SMTP relays using self-signed certificates.
Screenshots
Not applicable.
App version
2.1.1 (NEXT_PUBLIC_APP_VERSION=2.1.1)
Desktop (please complete the following information):
- OS: Debian 13 server on Docker host
- Browser: Firefox
- Version: latest
Smartphone (please complete the following information):
Not tested
Additional context
The relevant code introduced in PR #611 appears to be:
EMAIL_TLS_REJECT_UNAUTHORIZED: process.env.EMAIL_TLS_REJECT_UNAUTHORIZED
? Boolean(process.env.EMAIL_TLS_REJECT_UNAUTHORIZED)
: true
This causes:
- EMAIL_TLS_REJECT_UNAUTHORIZED=0 -> Boolean("0") -> true
- EMAIL_TLS_REJECT_UNAUTHORIZED=false -> Boolean("false") -> true
So the variable cannot effectively disable TLS verification.
In our case, the runtime logs still show:
Error sending email [Error: self-signed certificate] { code: 'ESOCKET', command: 'CONN' }
[next-auth][error][SIGNIN_EMAIL_ERROR]
The documentation says:
- EMAIL_TLS_REJECT_UNAUTHORIZED: Validates TLS certificates by default. Set it to 0 if you have a relay that needs it
So the docs are correct, but the boolean parsing seems broken.
Describe the bug
EMAIL_TLS_REJECT_UNAUTHORIZEDdoes not work as documented for SMTP magic-link login.According to the docs and the PR that introduced it, setting
EMAIL_TLS_REJECT_UNAUTHORIZED=0should disable TLScertificate validation for SMTP relays using self-signed certificates (for example ProtonMail Bridge).
In practice, SplitPro still fails with
self-signed certificate, because the env var is parsed withBoolean(process.env.EMAIL_TLS_REJECT_UNAUTHORIZED), which evaluates"0"and"false"totrue.So it appears impossible to set
tls.rejectUnauthorizedtofalsevia environment variables.To Reproduce
Steps to reproduce the behavior:
EMAIL_TLS_REJECT_UNAUTHORIZED=0self-signed certificateExpected behavior
When
EMAIL_TLS_REJECT_UNAUTHORIZED=0is set, SplitPro should configure Nodemailer withtls.rejectUnauthorized = falseand successfully send the magic-link email through SMTP relays using self-signed certificates.Screenshots
Not applicable.
App version
2.1.1(NEXT_PUBLIC_APP_VERSION=2.1.1)Desktop (please complete the following information):
Smartphone (please complete the following information):
Not tested
Additional context
The relevant code introduced in PR #611 appears to be:
This causes:
So the variable cannot effectively disable TLS verification.
In our case, the runtime logs still show:
Error sending email [Error: self-signed certificate] { code: 'ESOCKET', command: 'CONN' }
[next-auth][error][SIGNIN_EMAIL_ERROR]
The documentation says:
So the docs are correct, but the boolean parsing seems broken.