Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sending email with invalid smtp certificate #14442

Closed
sergeor opened this issue Oct 6, 2023 · 5 comments · Fixed by #14444
Closed

sending email with invalid smtp certificate #14442

sergeor opened this issue Oct 6, 2023 · 5 comments · Fixed by #14444
Labels
enhancement
Milestone
1.8

Comments

@sergeor
Copy link

sergeor commented Oct 6, 2023

Mailkit supports sending email when the server's smtp certificate is invalid. Maybe this function should be integrated into OrchardCore.

smtp.ServerCertificateValidationCallback = (mysender, certificate, chain, sslPolicyErrors) => { return true; }; smtp.CheckCertificateRevocation = false;
@hishamco
Copy link
Member

hishamco commented Oct 6, 2023

It's already there

OrchardCore/src/OrchardCore/OrchardCore.Email.Core/Services/SmtpService.cs

Lines 242 to 269 in d312e24

private bool CertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
const string LogErrorMessage = "SMTP Server's certificate {CertificateSubject} issued by {CertificateIssuer} " +
"with thumbprint {CertificateThumbprint} and expiration date {CertificateExpirationDate} " +
"is considered invalid with {SslPolicyErrors} policy errors";
if (sslPolicyErrors == SslPolicyErrors.None)
{
return true;
}
_logger.LogError(LogErrorMessage,
certificate.Subject,
certificate.Issuer,
certificate.GetCertHashString(),
certificate.GetExpirationDateString(),
sslPolicyErrors);
if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain?.ChainStatus != null)
{
foreach (var chainStatus in chain.ChainStatus)
{
_logger.LogError("Status: {Status} - {StatusInformation}", chainStatus.Status, chainStatus.StatusInformation);
}
}
return false;
}

@hishamco
Copy link
Member

hishamco commented Oct 6, 2023

Maybe the current issue is you can't send the email when there's error

@hishamco hishamco mentioned this issue Oct 6, 2023
Merged
@sergeor
Copy link
Author

sergeor commented Oct 6, 2023

Yes, but I would like to have the choice (with a check box from the mail server settings in the admin area) to be able to bypass the invalid or self-signed certificate.
The code that i read is just check if certificate is valid and if not return false and stop send.

@hishamco
Copy link
Member

hishamco commented Oct 6, 2023

Check my related PR

@sergeor sergeor closed this as completed Oct 8, 2023
@hishamco hishamco reopened this Oct 8, 2023
@hishamco
Copy link
Member

hishamco commented Oct 8, 2023

I reopen this will be closed automatically once the PR is merged

@sebastienros sebastienros added this to the 1.x milestone Oct 19, 2023
@MikeAlhayek MikeAlhayek modified the milestones: 1.x, 1.8 Jan 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.8
Development

Successfully merging a pull request may close this issue.

SMTP should send the email if the SSL certificate is invalid OrchardCMS/OrchardCore
4 participants
@sebastienros @hishamco @sergeor @MikeAlhayek