Set customize_hostname_check for Swoosh.Adapters.SMTP #861
Reference: AkkomaGang/akkoma#861
This should hopefully fix issues with connecting to SMTP servers
with wildcard TLS certificates.
Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl
Fixes #660
hm, i wonder, does this break non-ssl'd smtp connections? i doubt it but worth testing if we can
It cannot ever break non-SSL connections since `common_tls_opts` to which the new argument is added, are never applied to the final socket options if `ssl` is set to false (a few lines below the shown context). Otherwise it would already break with the existing defaults.

However, when i added the defaults, comments in relevant threads suggested setting `server_name_indication` would already fix wildcard certificates; evidently this isn't the case here at least and tbh i was never sure why it should fix wildcard certs. Might be good to drop the wildcard comment from `server_name_indication` and just add it to the new setting here instead (but keep the SNI setting; can't hurt to explicitly request the right domain)

615c52cdde to f19d5d1380
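Added example, not code from this pull request or from Akkoma: a sketch of client TLS options that use the `match_fun` described in the linked EEF guide, plus a helper that calls that match function directly so wildcard handling can be inspected without a live SMTP server. The module name, function names and hostnames are constructed for illustration; `:public_key.cacerts_get/0` assumes OTP 25 or later.

```elixir
defmodule SmtpTlsExample do
  # Hypothetical helper: build verified-TLS client options for an SMTP relay.
  def tls_opts(relay) when is_binary(relay) do
    [
      # Reject the connection unless the certificate chain validates.
      verify: :verify_peer,
      # Trust anchors from the operating system store (OTP 25+).
      cacerts: :public_key.cacerts_get(),
      # SNI only tells the server which certificate to present.
      server_name_indication: String.to_charlist(relay),
      # Hostname matching is a separate step; the :https match function
      # is what lets a wildcard dNSName entry match the relay name.
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # Hypothetical helper: ask the :https match function whether a presented
  # dNSName (as found in a certificate's subjectAltName) matches the relay.
  def https_match?(relay, presented) do
    match_fun = :public_key.pkix_verify_hostname_match_fun(:https)

    match_fun.(
      {:dns_id, String.to_charlist(relay)},
      {:dNSName, String.to_charlist(presented)}
    ) == true
  end
end

# Constructed sample names: relay hostname and the dNSName a certificate carries.
samples = [
  {"mail.example.org", "*.example.org"},
  {"mail.example.org", "mail.example.org"},
  {"a.b.example.org", "*.example.org"},
  {"example.org", "*.example.org"}
]

for {relay, presented} <- samples do
  IO.inspect({relay, presented, SmtpTlsExample.https_match?(relay, presented)})
end

IO.inspect(Keyword.keys(SmtpTlsExample.tls_opts("mail.example.org")))
```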