[PM-19601] Introduce options for adding certificates to trust without root (#5609)
* Introduce options for adding certificates to the X509ChainPolicy.CustomTrustStore Co-authored-by: tangowithfoxtrot <tangowithfoxtrot@users.noreply.github.com> * Add comments * Fix places I am still calling it TLS options * Format * Format from root * Add more tests * Add HTTP Tests * Format * Switch to empty builder * Remove unneeded helper * Configure logging only once --------- Co-authored-by: tangowithfoxtrot <tangowithfoxtrot@users.noreply.github.com>
@ -1,7 +1,10 @@
|
||||
using Bit.Core.Settings;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using Bit.Core.Platform.X509ChainCustomization;
|
||||
using Bit.Core.Settings;
|
||||
using Bit.Core.Utilities;
|
||||
using MailKit.Net.Smtp;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
using MimeKit;
|
||||
|
||||
namespace Bit.Core.Services;
|
||||
@ -10,12 +13,14 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
|
||||
{
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
private readonly ILogger<MailKitSmtpMailDeliveryService> _logger;
|
||||
private readonly X509ChainOptions _x509ChainOptions;
|
||||
private readonly string _replyDomain;
|
||||
private readonly string _replyEmail;
|
||||
|
||||
public MailKitSmtpMailDeliveryService(
|
||||
GlobalSettings globalSettings,
|
||||
ILogger<MailKitSmtpMailDeliveryService> logger)
|
||||
ILogger<MailKitSmtpMailDeliveryService> logger,
|
||||
IOptions<X509ChainOptions> x509ChainOptions)
|
||||
{
|
||||
if (globalSettings.Mail?.Smtp?.Host == null)
|
||||
{
|
||||
@ -31,6 +36,7 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
|
||||
|
||||
_globalSettings = globalSettings;
|
||||
_logger = logger;
|
||||
_x509ChainOptions = x509ChainOptions.Value;
|
||||
}
|
||||
|
||||
public async Task SendEmailAsync(Models.Mail.MailMessage message)
|
||||
@ -75,6 +81,13 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
|
||||
{
|
||||
client.ServerCertificateValidationCallback = (s, c, h, e) => true;
|
||||
}
|
||||
else if (_x509ChainOptions.TryGetCustomRemoteCertificateValidationCallback(out var callback))
|
||||
{
|
||||
client.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
|
||||
{
|
||||
return callback(new X509Certificate2(cert), chain, errors);
|
||||
};
|
||||
}
|
||||
|
||||
if (!_globalSettings.Mail.Smtp.StartTls && !_globalSettings.Mail.Smtp.Ssl &&
|
||||
_globalSettings.Mail.Smtp.Port == 25)
|
||||
|
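Review bot: In the new `else if` branch of `SendEmailAsync`, the wrapper lambda passes `cert` straight to `new X509Certificate2(cert)`, but the validation callback's certificate argument can be null when the server presents no certificate, so the constructor would throw instead of rejecting the connection. Fail closed and release the copy, for example `if (cert is null) { return false; }` followed by `using var serverCert = new X509Certificate2(cert);` and `return callback(serverCert, chain, errors);`. Disposing is only safe if the custom callback does not keep the certificate after it returns, which the hunk does not show. The branch above it, whose condition lies outside the hunk, accepts every certificate and wins over the custom trust store when both are configured; a comment such as `// Trust-all takes precedence over X509ChainOptions; the custom trust store is not consulted` would make that explicit. The method body starts and ends outside the hunk.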