Set customize_hostname_check for Swoosh.Adapters.SMTP
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending approval
ci/woodpecker/pr/build-arm64 Pipeline is pending approval
ci/woodpecker/pr/docs Pipeline is pending approval
ci/woodpecker/pr/lint Pipeline is pending approval
ci/woodpecker/pr/test Pipeline is pending approval
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending approval
ci/woodpecker/pr/build-arm64 Pipeline is pending approval
ci/woodpecker/pr/docs Pipeline is pending approval
ci/woodpecker/pr/lint Pipeline is pending approval
ci/woodpecker/pr/test Pipeline is pending approval
This should hopefully fix issues with connecting to SMTP servers with wildcard TLS certificates. Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl Fixes #660
This commit is contained in:
parent
c0a99df06a
commit
615c52cdde
1 changed files with 3 additions and 0 deletions
|
|
@ -86,6 +86,9 @@ defp default_config(Swoosh.Adapters.SMTP, conf, _) do
|
||||||
verify: :verify_peer,
|
verify: :verify_peer,
|
||||||
# some versions have supposedly issues verifying wildcard certs without this
|
# some versions have supposedly issues verifying wildcard certs without this
|
||||||
server_name_indication: relay,
|
server_name_indication: relay,
|
||||||
|
customize_hostname_check: [
|
||||||
|
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
|
||||||
|
],
|
||||||
# the default of 10 is too restrictive
|
# the default of 10 is too restrictive
|
||||||
depth: 32
|
depth: 32
|
||||||
]
|
]
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue