Feature #41738
open
IMAP receive: option to ignore certificate
Added by Grischa Zengel 11 days ago.
Updated 4 days ago.
Description
I get
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=10.19.1.103:993 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
This change works:
imap = Net::IMAP.new(host, port: port, ssl: { :verify_mode => OpenSSL::SSL::VERIFY_NONE })
Perhabs it will fix #38253, too.
In my case debug was very useful:
debug_client = Net::IMAP.new(hostname, debug: true)
Here are some more options:
# ==== Options
#
# Accepts the following options:
#
# [port]
# Port number. Defaults to 993 when +ssl+ is truthy, and 143 otherwise.
#
# [ssl]
# If +true+, the connection will use TLS with the default params set by
# {OpenSSL::SSL::SSLContext#set_params}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-set_params].
# If +ssl+ is a hash, it's passed to
# {OpenSSL::SSL::SSLContext#set_params}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-set_params];
# the keys are names of attribute assignment methods on
# SSLContext[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html]. For example:
#
# [{ca_file}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-ca_file]]
# The path to a file containing a PEM-format CA certificate.
# [{ca_path}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-ca_path]]
# The path to a directory containing CA certificates in PEM format.
# [{min_version}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-min_version-3D]]
# Sets the lower bound on the supported SSL/TLS protocol version. Set to
# an +OpenSSL+ constant such as +OpenSSL::SSL::TLS1_2_VERSION+,
# [{verify_mode}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#attribute-i-verify_mode]]
# SSL session verification mode. Valid modes include
# +OpenSSL::SSL::VERIFY_PEER+ and +OpenSSL::SSL::VERIFY_NONE+.
#
# See {OpenSSL::SSL::SSLContext}[https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html] for other valid SSL context params.
#
# See DeprecatedClientOptions.new for deprecated SSL arguments.
#
# [config]
# A Net::IMAP::Config object to use as the basis for #config. By default,
# the global Net::IMAP.config is used.
#
# >>>
# *NOTE:* +config+ does not set #config directly---it sets the _parent_
# config for inheritance. Every client creates its own unique #config.
#
# All other keyword arguments are forwarded to Net::IMAP::Config.new, to
# initialize the client's #config. For example:
#
# [{open_timeout}[rdoc-ref:Config#open_timeout]]
# Seconds to wait until a connection is opened
# [{idle_response_timeout}[rdoc-ref:Config#idle_response_timeout]]
# Seconds to wait until an IDLE response is received
#
# See Net::IMAP::Config for other valid options.
After reading lib/redmine/pop3.rb, I found that specifying ssl=force for receiving emails via POP3 allows skipping certificate verification. However, despite being available for POP3, this option cannot be set for IMAP4, which lacks consistency. The same option should be available for IMAP4 as well.
source:tags/6.0.1/lib/redmine/pop3.rb#L25
def check(pop_options={}, options={})
if pop_options[:ssl]
ssl = true
if pop_options[:ssl] == 'force'
Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_NONE)
else
Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_PEER)
end
else
ssl = false
end
- Tracker changed from Defect to Feature
- Affected version deleted (
6.0.1)
It's a good solution. Why not putting it on next release?
Also available in: Atom
PDF
Updated by 
Updated by