mirror of https://github.com/bitwarden/server.git synced 2025-07-10 12:24:50 -05:00

[PM-19601] Introduce options for adding certificates to trust without root (#5609)

* Introduce options for adding certificates to the X509ChainPolicy.CustomTrustStore

Co-authored-by: tangowithfoxtrot <tangowithfoxtrot@users.noreply.github.com>

* Add comments

* Fix places I am still calling it TLS options

* Format

* Format from root

* Add more tests

* Add HTTP Tests

* Format

* Switch to empty builder

* Remove unneeded helper

* Configure logging only once

---------

Co-authored-by: tangowithfoxtrot <tangowithfoxtrot@users.noreply.github.com>
Justin Baur
2025-04-07 14:10:36 -04:00
committed by GitHub
parent 1cf9ff34c1
commit a8403f3dc2
9 changed files with 610 additions and 26 deletions


@ -1,7 +1,10 @@
using Bit.Core.Settings;
using System.Security.Cryptography.X509Certificates;
using Bit.Core.Platform.X509ChainCustomization;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using MailKit.Net.Smtp;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using MimeKit;
namespace Bit.Core.Services;
@ -10,12 +13,14 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
{
private readonly GlobalSettings _globalSettings;
private readonly ILogger<MailKitSmtpMailDeliveryService> _logger;
private readonly X509ChainOptions _x509ChainOptions;
private readonly string _replyDomain;
private readonly string _replyEmail;
public MailKitSmtpMailDeliveryService(
GlobalSettings globalSettings,
ILogger<MailKitSmtpMailDeliveryService> logger)
ILogger<MailKitSmtpMailDeliveryService> logger,
IOptions<X509ChainOptions> x509ChainOptions)
{
if (globalSettings.Mail?.Smtp?.Host == null)
{
@ -31,6 +36,7 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
_globalSettings = globalSettings;
_logger = logger;
_x509ChainOptions = x509ChainOptions.Value;
}
public async Task SendEmailAsync(Models.Mail.MailMessage message)
@ -75,6 +81,13 @@ public class MailKitSmtpMailDeliveryService : IMailDeliveryService
{
client.ServerCertificateValidationCallback = (s, c, h, e) => true;
}
else if (_x509ChainOptions.TryGetCustomRemoteCertificateValidationCallback(out var callback))
{
client.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
{
return callback(new X509Certificate2(cert), chain, errors);
};
}
if (!_globalSettings.Mail.Smtp.StartTls && !_globalSettings.Mail.Smtp.Ssl &&
_globalSettings.Mail.Smtp.Port == 25)
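Review bot: In the new `else if` branch of SendEmailAsync, `new X509Certificate2(cert)` is built on every TLS handshake and never disposed. It also throws rather than rejecting when no server certificate is presented, because `cert` is nullable in the validation callback's signature. Assuming the custom callback does not keep the certificate after it returns, the lambda could start with `if (cert is null) return false;` and then use `using var serverCert = new X509Certificate2(cert); return callback(serverCert, chain, errors);`. The callback returned by `TryGetCustomRemoteCertificateValidationCallback` is defined outside this page, so confirm that it only tolerates chain errors resolved by the configured trust store and still fails on `SslPolicyErrors.RemoteCertificateNameMismatch`. The condition guarding the existing accept-everything branch and the rest of the method lie outside the hunk, so the precedence between that branch and the custom trust store cannot be checked from here.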