AkkomaGang/akkoma
AkkomaGang/akkoma
17
68
Fork 110
Code Issues 146 Pull requests 16 Projects 2 Releases 21 Packages Wiki Activity

Set customize_hostname_check for Swoosh.Adapters.SMTP #861

Merged
floatingghost merged 1 commit from norm/akkoma:smtp-defaults-fix into develop 2025-01-05 15:43:16 +00:00
Conversation 3 Commits 1 Files changed 1 +7 -1
norm commented 2024-12-17 23:35:25 +00:00
Contributor
Copy link

This should hopefully fix issues with connecting to SMTP servers
with wildcard TLS certificates.

Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl

Fixes #660

This should hopefully fix issues with connecting to SMTP servers with wildcard TLS certificates. Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl Fixes https://akkoma.dev/AkkomaGang/akkoma/issues/660
floatingghost commented 2024-12-18 10:40:44 +00:00
Owner
Copy link

hm, i wonder, does this break non-ssl'd smtp connections? i doubt it but worth testing if we can

hm, i wonder, does this break _non_-ssl'd smtp connections? i doubt it but worth testing if we can
Oneric commented 2024-12-18 14:50:38 +00:00
Owner
Copy link

It cannot ever break non-SSL connections since common_tls_opts to which the new argument is added, are never applied to the final socket options if ssl is set to false *(a few lines below the shown context). Otherwise it would already break with the existing defaults.

However, when i added the defaults comments in relevant threads suggested setting server_name_indication would already fix wildcard certificates; evidently this isn't the case here at least and tbh i was never sure why it should fix wildcard certs. Might be good to drop the wildcard comment from śerver_name_indication and just add it to the new setting here instead (but keep the SNI setting; can't hurt to explicitly request the right domain)

It cannot ever break non-SSL connections since `common_tls_opts` to which the new argument is added, are never applied to the final socket options if `ssl` is set to false *(a few lines below the shown context). Otherwise it would already break with the existing defaults. However, when i added the defaults comments in relevant threads suggested setting `server_name_indication` would already fix wildcard certificates; evidently this isn't the case here at least and tbh i was never sure why it should fix wildcard certs. Might be good to drop the wildcard comment from `śerver_name_indication` and just add it to the new setting here instead *(but keep the SNI setting; can't hurt to explicitly request the right domain)*
norm force-pushed smtp-defaults-fix from 615c52cdde
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending approval
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending approval
Details
ci/woodpecker/pr/docs Pipeline is pending approval
Details
ci/woodpecker/pr/lint Pipeline is pending approval
Details
ci/woodpecker/pr/test Pipeline is pending approval
Details
to f19d5d1380
Some checks are pending
ci/woodpecker/pull_request_closed/build-amd64 Pipeline is pending approval
Details
ci/woodpecker/pull_request_closed/build-arm64 Pipeline is pending approval
Details
ci/woodpecker/pull_request_closed/docs Pipeline is pending approval
Details
ci/woodpecker/pull_request_closed/lint Pipeline is pending approval
Details
ci/woodpecker/pull_request_closed/test Pipeline is pending approval
Details
ci/woodpecker/pr/build-amd64 Pipeline is pending approval
Details
ci/woodpecker/pr/lint Pipeline is pending approval
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending approval
Details
ci/woodpecker/pr/docs Pipeline is pending approval
Details
ci/woodpecker/pr/test Pipeline is pending approval
Details
2024-12-18 19:37:35 +00:00 Compare
Oneric approved these changes 2024-12-18 19:57:16 +00:00
floatingghost deleted branch smtp-defaults-fix 2025-01-05 15:43:17 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Oneric
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
cannot reproduce

   
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs change/feedback

Issue or PR is stalled on response from the author or a third party

  
needs docs

   
needs tests

   
not a bug

   
not our bug

Bug in a dependency of ours (meaning we can't just fix it), or in another AP implementation or client interfacing with Akkoma (which needs to be fixed on their end)

  
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
setup issue

Issue arose from a misconfiguration by the admin, custom patches, manual db edits or similar

  
static_fe

   
triage

   
wontfix

This won't be fixed

No labels
approved, awaiting change
bug
cannot reproduce
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs change/feedback
needs docs
needs tests
not a bug
not our bug
planned
pleroma_api
privacy
question
setup issue
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
AkkomaGang/akkoma!861
No description provided.