Set customize_hostname_check for Swoosh.Adapters.SMTP

This should hopefully fix issues with connecting to SMTP servers with wildcard TLS certificates. Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl Fixes AkkomaGang/akkoma#660
2024-12-17 18:30:01 -05:00 · 2024-12-17 18:30:01 -05:00 · b736086ab6
commit b736086ab6
parent c738f27e77
1 changed files with 3 additions and 0 deletions
--- a/lib/pleroma/emails/mailer.ex
+++ b/lib/pleroma/emails/mailer.ex
@ -86,6 +86,9 @@ defp default_config(Swoosh.Adapters.SMTP, conf, _) do
      verify: :verify_peer,
      # some versions have supposedly issues verifying wildcard certs without this
      server_name_indication: relay,
+      customize_hostname_check: [
+        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
+      ],
      # the default of 10 is too restrictive
      depth: 32
    ]