[Mailer] add ability to disable the TLS peer verification via DSN #35262

Open
wants to merge 4 commits into
base: master
from


Livda commented Jan 8, 2020

| Q | A |
| --- | --- |
| Branch? | 4.4 |
| Bug fix? | no |
| New feature? | yes |
| Deprecations? | no |
| Tickets | Fix |
| License | MIT |
| Doc PR | symfony/symfony-docs# |

Add the ability to disable the peer TLS verification with the DSN when using EsmtpTransport, like this:

MAILER_DSN=smtp://foo@default?verify-peer=false

By default, the verification is enabled.

Aurélien Fontaine
Member

stof commented Jan 8, 2020

Do we actually want to allow that? Disabling peer verification means that your TLS connection is insecure (anyone can do a MitM attack without any issue).

Member

stof commented Jan 8, 2020

What is the use case to add such a feature?

nicolas-grekas added this to the next milestone Jan 8, 2020
Author

Livda commented Jan 9, 2020

In the case of an internal enterprise SMTP with a self-signed certificate, it's currently impossible to send mail without this. I'm aware that's an insecure way to do things, but there is no way to force not using a TLS connection to work around this issue. I think it's a good compromise in terms of security between no encryption at all and a fully authenticated TLS connection.

Contributor

derrabus commented Jan 14, 2020

> internal enterprise SMTP with self signed certificate

The way to go here would be to trust your internal CA that signed your certificate. TLS without certificate verification is a big red flag.

Author

Livda commented Jan 14, 2020

> The way to go here would be to trust your internal CA that signed your certificate. TLS without certificate verification is a big red flag.

The issue here is that I cannot trust any CA because it's a self-signed certificate. By design there is no CA on a self-signed certificate. I do know it's a bad way to do things, but I have no control over the SMTP server which uses this certificate.
Currently I'm using Swiftmailer without any encryption at all because I can't use this lib. There is no way to not use TLS with this lib if the server responds with the STARTTLS capability, so I've made this PR in order to use this mailer in such a case. But I can add a flag to prevent TLS even if the server says it supports TLS after the EHLO request.

Member

nicolas-grekas left a comment

Thanks, here are some suggestions.

@@ -61,6 +62,10 @@ public function __construct(string $host = 'localhost', int $port = 0, bool $tls

$stream->setHost($host);
$stream->setPort($port);

if (false === $verifyPeer) {
$this->verifyPeer = false;
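
Review bot: At `if (false === $verifyPeer)`, the strict comparison only fires for a boolean false, while the DSN form in the description (`verify-peer=false`) arrives as a query-string value. The conversion is not visible in this hunk, so please confirm that only an explicit false reaches this branch and that a missing or unrecognized value keeps verification on. A docblock line on the new argument stating that disabling it leaves the TLS connection unauthenticated would also help.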


nicolas-grekas Jan 14, 2020

Member

There is no need for a new property; instead, the parent::__construct() method should be passed a new SocketStream() with stream socket options properly configured.


Livda Jan 15, 2020

Author

I configure the stream directly like you suggested. But I'm not sure if I've used the right way to do it, because my SocketStream::streamContextOptions could be set later if SocketStream::setStreamOptions() is called before the SocketStream::initialize() function is called.
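
The alternative raised in the thread (trust the server's certificate rather than turn verification off, using stream socket options), as an added example that is not part of this pull request or of Symfony's code. It builds PHP `ssl` stream context options that pin one self-signed certificate and lists the settings that would leave a connection unauthenticated; the function names, the host name `smtp.internal.example` and the throwaway certificate are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Build "ssl" context options that trust only the certificate stored at $pemPath. */
function pinnedTlsOptions(string $pemPath, string $peerName): array
{
    $pem = @file_get_contents($pemPath);
    if ($pem === false || @openssl_x509_read($pem) === false) {
        throw new InvalidArgumentException("Not a readable PEM certificate: $pemPath");
    }

    return ['ssl' => [
        'verify_peer' => true,
        'verify_peer_name' => true,
        'peer_name' => $peerName,   // name the certificate must match
        'cafile' => $pemPath,       // the self-signed cert is its own trust anchor
        'peer_fingerprint' => ['sha256' => openssl_x509_fingerprint($pem, 'sha256')],
    ]];
}

/** List the settings in $options that leave the TLS peer unauthenticated. */
function unauthenticatedTlsSettings(array $options): array
{
    $ssl = $options['ssl'] ?? [];
    $findings = [];
    foreach (['verify_peer', 'verify_peer_name'] as $flag) {
        if (($ssl[$flag] ?? true) === false) {
            $findings[] = "$flag is disabled";
        }
    }
    if (($ssl['allow_self_signed'] ?? false) === true) {
        $findings[] = 'allow_self_signed accepts any self-signed certificate';
    }
    return $findings;
}

// Constructed sample input: a throwaway self-signed certificate in a temp file.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'smtp.internal.example'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30), $pem);
$path = tempnam(sys_get_temp_dir(), 'smtp-pin-');
file_put_contents($path, $pem);

// Constructed options with verification switched off, beside the pinned form.
$weak = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]];
print_r(unauthenticatedTlsSettings($weak));
print_r(unauthenticatedTlsSettings(pinnedTlsOptions($path, 'smtp.internal.example')));
unlink($path);
```

The array returned by `pinnedTlsOptions()` has the shape PHP stream contexts take, so it is the kind of value the `SocketStream::setStreamOptions()` call mentioned above would receive; the certificate file has to be obtained from the server's operator out of band, not fetched over the unverified connection.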

Aurélien Fontaine added 2 commits Jan 15, 2020