Add config to disable system root cert store
JosefSchoenberger authored and BlackDex committed May 19, 2024
1 parent d4e66d3 commit f0366d0
Showing 3 changed files with 9 additions and 1 deletion.
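--- a/.env.template
+++ b/.env.template
@@ -529,6 +529,9 @@
 ## Paths to PEM files, separated by semicolons
 # SMTP_ADDITIONAL_ROOT_CERTS=
 
+## Use system root certificate store for TLS host verification
+# SMTP_USE_SYSTEM_ROOT_CERTS=true
+
 ##########################
 ### Rocket settings ###
 ##########################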
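--- a/src/config.rs
+++ b/src/config.rs
@@ -676,6 +676,8 @@ make_config! {
 smtp_accept_invalid_hostnames: bool, true, def, false;
 /// Accept additional root certs |> Paths to PEM files, separated by semicolons
 smtp_additional_root_certs: String, true, option;
+/// Use system root certificate store for TLS host verification
+smtp_use_system_root_certs: bool, true, def, true;
 },
 
 /// Email 2FA Settings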
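Review bot: The doc comment on `smtp_use_system_root_certs` does not say what is still trusted once the option is turned off, which is the part an operator needs to know before changing it. Judging by the `src/mail.rs` change in this commit, disabling it leaves only the certificates loaded from `smtp_additional_root_certs` as trust anchors. The neighbouring entry uses the `name |> description` form, so the same form could carry this: `/// Use system root cert store |> Use the system root certificate store for TLS host verification. If disabled, only the certificates from SMTP_ADDITIONAL_ROOT_CERTS are trusted.` The comment added to `.env.template` would benefit from the same sentence. The `make_config!` block starts and ends outside the hunk.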
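--- a/src/mail.rs
+++ b/src/mail.rs
@@ -7,7 +7,7 @@ use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
 use lettre::{
 message::{Attachment, Body, Mailbox, Message, MultiPart, SinglePart},
 transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism},
-transport::smtp::client::{Certificate, Tls, TlsParameters},
+transport::smtp::client::{Certificate, CertificateStore, Tls, TlsParameters},
 transport::smtp::extension::ClientId,
 Address, AsyncSendmailTransport, AsyncSmtpTransport, AsyncTransport, Tokio1Executor,
 };
@@ -67,6 +67,9 @@ fn smtp_transport() -> AsyncSmtpTransport<Tokio1Executor> {
 tls_parameters = tls_parameters.add_root_certificate(cert.clone());
 }
 }
+if !CONFIG.smtp_use_system_root_certs() {
+tls_parameters = tls_parameters.certificate_store(CertificateStore::None);
+}
 let tls_parameters = tls_parameters.build().unwrap();
 
 if CONFIG.smtp_security() == *"force_tls" {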
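Review bot: When `smtp_use_system_root_certs` is false and `smtp_additional_root_certs` is unset, the new branch in `smtp_transport()` selects `CertificateStore::None` with no other trust anchors. Certificate verification will then presumably fail for every server, and the operator only learns of it when a mail fails to send. Nothing in the visible hunks rejects or warns about that combination; a check where the configuration is validated (outside these hunks) would surface it at startup instead. Failing closed is the right behaviour, so the suggestion is only to report it early and to record the intent on the branch, e.g. `// No system roots: only SMTP_ADDITIONAL_ROOT_CERTS are trusted for SMTP TLS`. The body of `smtp_transport()` starts and ends outside the hunk.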
