From 3a1ed825299d4686e4c5efc5324e0a70fc7dee2b Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 26 Nov 2018 20:21:42 +0100 Subject: [PATCH] Explicitly decide whether to use TLS in mailer's configuration (#5024) * explicitly decide on using TLS for mail connections * explicitly decide on using TLS for mail connections * keep compatibility --- custom/conf/app.ini.sample | 2 ++ docs/content/doc/advanced/config-cheat-sheet.en-us.md | 7 ++++--- modules/mailer/mailer.go | 5 ++--- modules/setting/setting.go | 2 ++ 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample index 147c99d942f..58d100d805a 100644 --- a/custom/conf/app.ini.sample +++ b/custom/conf/app.ini.sample @@ -388,6 +388,8 @@ SKIP_VERIFY = USE_CERTIFICATE = false CERT_FILE = custom/mailer/cert.pem KEY_FILE = custom/mailer/key.pem +; Should SMTP connection use TLS +IS_TLS_ENABLED = false ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format FROM = ; Mailer user name and password diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index a3bded679df..7ea14d2306d 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -62,7 +62,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. HTTP protocol. - `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when default SSH port is used. - + ### Repository - Pull Request (`repository.pull-request`) - `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request title to mark them as Work In Progress 
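Review bot: The sample comment `; Should SMTP connection use TLS` added above `IS_TLS_ENABLED = false` reads as an on/off switch for TLS, but the mailer.go hunk of this patch ORs the flag with the port-465 check. So `false` does not turn TLS off on port 465, and `true` wraps the socket in TLS immediately on connect rather than asking for an upgrade after the greeting. An operator could therefore misjudge whether mail and SMTP credentials are protected, or enable it against a server that expects a plaintext greeting first. I would word it as `; Wrap the SMTP connection in TLS on connect (implicit TLS); port 465 always does this regardless of this setting`. The `IS_TLS_ENABLED` entry added to config-cheat-sheet.en-us.md has the same wording.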
@@ -222,6 +222,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. `FROM` and `SENDMAIL_PATH`. - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be command or full path). +- ``IS_TLS_ENABLED`` : **false** : Decide if SMTP connections should use TLS. ## Cache (`cache`) @@ -310,8 +311,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `TOKEN`: **\**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file`. ## API (`api`) - -- `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true. + +- `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true. - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page. ## i18n (`i18n`) diff --git a/modules/mailer/mailer.go b/modules/mailer/mailer.go index a54e8361735..e9b752e14db 100644 --- a/modules/mailer/mailer.go +++ b/modules/mailer/mailer.go @@ -122,11 +122,10 @@ func (s *smtpSender) Send(from string, to []string, msg io.WriterTo) error { } defer conn.Close() - isSecureConn := false + isSecureConn := opts.IsTLSEnabled || (strings.HasSuffix(port, "465")) // Start TLS directly if the port ends with 465 (SMTPS protocol) - if strings.HasSuffix(port, "465") { + if isSecureConn { conn = tls.Client(conn, tlsconfig) - isSecureConn = true } client, err := smtp.NewClient(conn, host) diff --git a/modules/setting/setting.go b/modules/setting/setting.go index b0bcd2ead85..1c4814189a4 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -1523,6 +1523,7 @@ type Mailer struct { SkipVerify bool UseCertificate bool CertFile, KeyFile string + IsTLSEnabled bool // Sendmail sender UseSendmail bool 
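Review bot: The retained comment `// Start TLS directly if the port ends with 465 (SMTPS protocol)` in the mailer.go hunk no longer describes the condition under it, which is now `opts.IsTLSEnabled || (strings.HasSuffix(port, "465"))`. When both are false the SMTP client is built on the plain connection, and whether the session is later upgraded, or refuses to authenticate in cleartext, is decided in the part of `Send` that lies outside this hunk. If that upgrade is opportunistic, a server or path that does not offer it would leave mail and credentials unencrypted, so it is worth confirming that the path can fail closed. Suggested comment: `// Use implicit TLS when IS_TLS_ENABLED is set or the port ends with 465 (SMTPS); otherwise the connection starts in plaintext.` The suffix test also matches ports such as 1465, which the commit appears to keep for compatibility.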
@@ -1556,6 +1557,7 @@ func newMailService() { UseCertificate: sec.Key("USE_CERTIFICATE").MustBool(), CertFile: sec.Key("CERT_FILE").String(), KeyFile: sec.Key("KEY_FILE").String(), + IsTLSEnabled: sec.Key("IS_TLS_ENABLED").MustBool(), UseSendmail: sec.Key("USE_SENDMAIL").MustBool(), SendmailPath: sec.Key("SENDMAIL_PATH").MustString("sendmail"),
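Review bot: `sec.Key("IS_TLS_ENABLED").MustBool()` in `newMailService` is called without a default, and, assuming `sec` is a go-ini section, it yields `false` both when the key is absent and when its value does not parse as a boolean. A mistyped value in this transport-security setting would therefore silently select the non-TLS-on-connect path. Consider reading it with `Bool()` and logging a warning on a parse error, or logging the effective mailer TLS mode once at startup. The `IsTLSEnabled bool` field added to the `Mailer` struct in the previous hunk has no comment; `// IsTLSEnabled wraps the SMTP connection in TLS on connect (implicit TLS)` would document it. `newMailService` starts before and continues past this hunk.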