Project

General

Profile

Actions

Feature #41738

open

IMAP receive: option to ignore certificate

Added by Grischa Zengel 30 days ago. Updated 4 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

I get

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=10.19.1.103:993 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

This change works:
imap = Net::IMAP.new(host, port: port, ssl: { :verify_mode => OpenSSL::SSL::VERIFY_NONE })

Perhabs it will fix #38253, too.


Files

41738.patch (736 Bytes) 41738.patch Go MAEDA, 2024-12-08 08:24

Related issues

Related to Redmine - Feature #16707: Integrate support of SSL for POP3 incoming emailsClosed

Actions
Actions #1

Updated by Grischa Zengel 30 days ago

In my case debug was very useful:

debug_client = Net::IMAP.new(hostname, debug: true)

Here are some more options:

    # ==== Options
    #
    # Accepts the following options:
    #
    # [port]
    #   Port number.  Defaults to 993 when +ssl+ is truthy, and 143 otherwise.
    #
    # [ssl]
    #   If +true+, the connection will use TLS with the default params set by
    #   {OpenSSL::SSL::SSLContext#set_params}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-set_params].
    #   If +ssl+ is a hash, it's passed to
    #   {OpenSSL::SSL::SSLContext#set_params}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-set_params];
    #   the keys are names of attribute assignment methods on
    #   SSLContext[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html].  For example:
    #
    #   [{ca_file}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-ca_file]]
    #     The path to a file containing a PEM-format CA certificate.
    #   [{ca_path}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-ca_path]]
    #     The path to a directory containing CA certificates in PEM format.
    #   [{min_version}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-min_version-3D]]
    #     Sets the lower bound on the supported SSL/TLS protocol version. Set to
    #     an +OpenSSL+ constant such as +OpenSSL::SSL::TLS1_2_VERSION+,
    #   [{verify_mode}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-verify_mode]]
    #     SSL session verification mode.  Valid modes include
    #     +OpenSSL::SSL::VERIFY_PEER+ and +OpenSSL::SSL::VERIFY_NONE+.
    #
    #   See {OpenSSL::SSL::SSLContext}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html] for other valid SSL context params.
    #
    #   See DeprecatedClientOptions.new for deprecated SSL arguments.
    #
    # [config]
    #   A Net::IMAP::Config object to use as the basis for #config.  By default,
    #   the global Net::IMAP.config is used.
    #
    #   >>>
    #     *NOTE:* +config+ does not set #config directly---it sets the _parent_
    #     config for inheritance.  Every client creates its own unique #config.
    #
    #   All other keyword arguments are forwarded to Net::IMAP::Config.new, to
    #   initialize the client's #config. For example:
    #
    #   [{open_timeout}[rdoc-ref:Config#open_timeout]]
    #     Seconds to wait until a connection is opened
    #   [{idle_response_timeout}[rdoc-ref:Config#idle_response_timeout]]
    #     Seconds to wait until an IDLE response is received
    #
    #   See Net::IMAP::Config for other valid options.
Actions #2

Updated by Go MAEDA 28 days ago

After reading lib/redmine/pop3.rb, I found that specifying ssl=force for receiving emails via POP3 allows skipping certificate verification. However, despite being available for POP3, this option cannot be set for IMAP4, which lacks consistency. The same option should be available for IMAP4 as well.

source:tags/6.0.1/lib/redmine/pop3.rb#L25

      def check(pop_options={}, options={})
        if pop_options[:ssl]
          ssl = true
          if pop_options[:ssl] == 'force'
            Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_NONE)
          else
            Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_PEER)
          end
        else
          ssl = false
        end

Actions #3

Updated by Go MAEDA 28 days ago

  • Tracker changed from Defect to Feature
  • Affected version deleted (6.0.1)
Actions #4

Updated by Grischa Zengel 22 days ago

It's a good solution. Why not putting it on next release?

Actions #5

Updated by Go MAEDA 4 days ago

  • Related to Feature #16707: Integrate support of SSL for POP3 incoming emails added
Actions #6

Updated by Go MAEDA 4 days ago

The attached patch introduces support for the ssl=force option, which allows skipping SSL certificate verification. This change ensures consistency with lib/redmine/pop3.rb.

Actions #7

Updated by Grischa Zengel 4 days ago

Thanks.

You can close #38253.

Actions #8

Updated by Go MAEDA 4 days ago

  • Target version set to Candidate for next major release
Actions

Also available in: Atom PDF