-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow SelfSigned/Untrusted certificates for outgoing mail servers #1901
Comments
I guess the solution would be the same as #1413 |
Why not get a valid certificate? These days, with LetsEncrypt and other free certificate providers, there is no reasons to not have a valid certificate. |
I also needed to be able to use an smtp server that uses a self signed cert (which I don't control), I made the attached changes to allow me to configure support for self signed certs. |
I own a Zimbra Community server which comes with self signed certificates. Unfortunately, it is not easy to use letsencrypt certificates in that case so having an option to either pin TLS certificates or to disable certificate verification is still mandatory. |
Not everyone has the possibility to get a free cert. |
Sadly, even after fixxing the patch with the newest source code, it doesnt work anymore... |
I'm influenced by this as well |
have this problem too :[[ |
This issue has been automatically marked as stale because it has not had recent activity and it seems to be missing some essential informations. It will be closed if no further activity occurs. Thank you for your contributions. |
https://unix.stackexchange.com/a/132163 here is another workaround. If you add the self-signed certificate to your certificate manager connections are accepted. |
in nextcloud/head, I'm setting up Email server (https://nextcloud.pgnd.lan/settings/admin) my config includes
I submit mail to a local mail server instance on the LAN, locked down with an internal self-signed, SSL cert. When I click "Test email settings : Send Email", it FAILs with,
This apparently is a known problem, from Sep '18,
As suggested there, editing
fixes THAT problem -- email's sent/received
IMO, this is not an 'enhancement' as much as a 'bug'. Inability to submit to completely legit SMTP email servers, with perfectly valid internal-CA/enterprise certs, is brokenness, not a missing feature. And no, "just use LetsEncrypt", is not a solution, |
No. Nextcloud (php actually) checks your system certificate storage. System trusts the certificate => No patch required. |
My CA crt is available on the server. It's just not insecurely in the SYSTEM-WIDE root store. For intra-LAN-based comms, I do not use the system instance of openssl; rather I use one at '/some/other/bin/path/openssl', with relevant certs @ /some/other/secure/credential/path/*.pem, specified on a per-app basis. I add the certs if & as necessary ONLY for authorized apps. For client apps such as browsers, e.g. Firefox, the app has a cerfificate store to which one can add CA & client certs. It's deployed using Firefox's enterprise policy options. For server apps such as Nginx, Postfix, etc, CA & client certs for intra-LAN server comms are, again, specific for each server app in their respective configurations. Backend, intra-lan comms use own-CA, self-signed certs with each app getting a config for the trusted_cert & ssl_cert locations; public-facing frontends use public-CA (e.g. LetsEncrypt) -signed certs, with app certs specified in per-app dirs. How can NC be configured simlarly, using different certs/stores for different tasks? PHP's ssl context options include options for specifying 'cafile', 'local_cert', 'local_pk', etc. wherein php checks the system certificate you tell it to check. also there's the NC option for
|
#12766 exposed the swift mailer streaming options. Add the above to your |
Steps to reproduce
Expected behaviour
Would expect that the server accepts Self Signed certificates, or display a warning about its certificate.
Actual behaviour
Nextcloud test error comes back with:
A problem occurred while sending the email. Please revise your settings. (Error: Connection could not be established with host mail.***.nl [ #0])
Server configuration
Operating system: Raspbian Jesse
Web server: Apache 2.4.10
Database: Mysql 5.5.52
PHP version: 5.6.26
Nextcloud version: 10.0.1
Updated from an older Nextcloud/ownCloud or fresh install: Fresh
Where did you install Nextcloud from: Zip File
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
The content of config/config.php:
Config report
Basicly the 'bug' is that the error message only shows error #0 ,
This message should maybe include something more then #0, like certificate is invalid.
The feature request is to include a selection box (with big warnings) that allows the use of self signed (or untrusted) certificates.
The text was updated successfully, but these errors were encountered: