Merge branch 'master' into 'master'
Allow ca_path and ca_file parameters for SMTP email configuration Without ca_path or ca_file custom CA certs are not taken into account during the SMTP SSL/TLS handshake. This is because the cert_store context is incorrectly provided to smtp.rb. The SSL_CERT_DIR or SSL_CERT_FILE env vars are also not taken into account by smtp.rb. Since the SMTP email configuration allows the use of CApath and CAfile for OpenSSL, it should be allowed to set these parameters as a workaround. Example of use: # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" Please merge. See merge request !289
This commit is contained in:
commit
fa9c1464bc
|
@ -197,6 +197,8 @@ external_url 'GENERATED_EXTERNAL_URL'
|
|||
# gitlab_rails['smtp_enable_starttls_auto'] = true
|
||||
# gitlab_rails['smtp_tls'] = false
|
||||
# gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
|
||||
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
|
||||
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
|
||||
|
||||
###############
|
||||
# GitLab user #
|
||||
|
|
|
@ -169,6 +169,8 @@ default['gitlab']['gitlab-rails']['smtp_authentication'] = nil
|
|||
default['gitlab']['gitlab-rails']['smtp_enable_starttls_auto'] = nil
|
||||
default['gitlab']['gitlab-rails']['smtp_tls'] = nil
|
||||
default['gitlab']['gitlab-rails']['smtp_openssl_verify_mode'] = nil
|
||||
default['gitlab']['gitlab-rails']['smtp_ca_path'] = nil
|
||||
default['gitlab']['gitlab-rails']['smtp_ca_file'] = nil
|
||||
|
||||
default['gitlab']['gitlab-rails']['webhook_timeout'] = nil
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ if Rails.env.production?
|
|||
|
||||
ActionMailer::Base.smtp_settings = {
|
||||
authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
|
||||
<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode }.each do |key| %>
|
||||
<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode ca_path ca_file }.each do |key| %>
|
||||
<% value = node['gitlab'][container]["smtp_#{key}"] %>
|
||||
<%= "#{key}: #{value.inspect}," unless value.nil? %>
|
||||
<% end %>
|
||||
|
|
Loading…
Reference in New Issue