From b297fdfbaf7fb2655dd6d4fe37837fe2704caacd Mon Sep 17 00:00:00 2001
From: LifeEncrypter <LifeEncrypter@users.noreply.github.com>
Date: Wed, 3 Jun 2020 16:13:08 +0200
Subject: [PATCH] Added optional SMTP_OPENSSL_VERIFY_MODE (#1703)

* Added optional SMTP_OPENSSL_VERIFY_MODE to fix mailserver certificate issues

* Added optional SMTP_OPENSSL_VERIFY_MODE

Fixed to long line. [139/130]

* Fix multi-line indent

* Remove elseif statements and use much shorter way of checking for SMTP_OPENSSL_VERIFY_MODE

* Too long line again

* Moved SMTP_OPENSSL_VERIFY_OPTION. Specified what it does. Added security warning

Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
---
 config/environments/production.rb | 4 ++++
 sample.env                        | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index b47d2ed8..771a6c69 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -101,6 +101,10 @@ Rails.application.configure do
     }
   end
 
+  # If configured to 'none' don't check the smtp servers certificate
+  ActionMailer::Base.smtp_settings[:openssl_verify_mode] =
+    ENV['SMTP_OPENSSL_VERIFY_MODE'] if ENV['SMTP_OPENSSL_VERIFY_MODE'].present?
+
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = true
 
diff --git a/sample.env b/sample.env
index bf4f7249..129f8d80 100644
--- a/sample.env
+++ b/sample.env
@@ -121,6 +121,9 @@ GOOGLE_ANALYTICS_TRACKING_ID=
 #   SMTP_AUTH=plain
 #   SMTP_STARTTLS_AUTO=true
 #
+# Comment this out to disable SMTP certificate verification. This option may pose a security risk.
+#   SMTP_OPENSSL_VERIFY_MODE=none
+#
 SMTP_SERVER=
 SMTP_PORT=
 SMTP_DOMAIN=