Allow more control over TLS settings for nodemailer (STARTTLS and self-signed certificates) #1590
This... doesn't "fix" anything? I mean, if a variable is the same as the key, it can be omitted
Oops, this PR is missing part of it!
Server starts and inits email with secure set to false (with fix):
This PR is now ready for review. I've added the proper fixes (via ternary operator). After more testing, we don't really need to set "host" / "port" / "secure" explicitly, but I think we should for future readability, since there are more features of nodemailer we might want to take advantage of in the future. With this fix I can confirm that disabling TLS actually works now:
Added new configuration options "starttls" and "allowInsecure". smtp.starttls will enable or disable STARTTLS when "secure" is set to false (otherwise it does nothing). smtp.allowInsecure will allow self-signed certificates if set to true for both smtp.secure and smtp.starttls options.
Problem
Nodemailer still upgrades connections to TLS via STARTTLS even if `smtp.secure` is set to false in the configuration file. Furthermore, there is no way to accept self-signed certificates for either connections that start with TLS (secure == true) or connections that upgrade to TLS via STARTTLS.
Solution
Add two new configuration options to better manage nodemailer's usage of TLS.
- `smtp.starttls` - When set to true, will set `requireTLS` to true in the nodemailer initialization, even if STARTTLS is not advertised. If set to false, will set `ignoreTLS` to true, which will prevent nodemailer from upgrading to TLS via STARTTLS. Defaults to false.
- `smtp.allowInsecure` - When set to true, will allow insecure certificates (self-signed, expired, etc.) to be accepted by nodemailer. Defaults to false.

By adding these options, it will allow more flexibility when configuring SMTP settings for both instance owners and developers, and solves the problem outlined above.
Source: https://nodemailer.com/usage
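
The mapping described in the PR text, as an added example (not the code from this PR): it turns the `smtp.*` settings into nodemailer transport options and reports which combinations leave the session in cleartext or unauthenticated. `buildTransportOptions`, the warning strings and the sample hosts are hypothetical, and using `tls.rejectUnauthorized` to implement `allowInsecure` is an assumption, since the page does not show how the PR does it.

```javascript
// Added example, not code from this PR. buildTransportOptions is a
// hypothetical helper; option names are nodemailer's documented SMTP options.
function buildTransportOptions(smtp) {
  const secure = smtp.secure === true;
  const starttls = smtp.starttls === true;            // PR text: defaults to false
  const allowInsecure = smtp.allowInsecure === true;  // PR text: defaults to false
  const options = { host: smtp.host, port: smtp.port, secure };
  const warnings = [];

  if (!secure) {
    // smtp.starttls only has an effect when the connection does not start in TLS.
    if (starttls) {
      options.requireTLS = true; // send fails if the session cannot be upgraded
    } else {
      options.ignoreTLS = true;  // never upgrade, even if STARTTLS is advertised
      warnings.push('cleartext session: credentials and mail are sent unencrypted');
    }
  }

  if (allowInsecure && (secure || starttls)) {
    // Assumption: certificate checks are relaxed via Node's TLS options.
    options.tls = { rejectUnauthorized: false };
    warnings.push('certificate validation disabled: server identity is not verified');
  }
  return { options, warnings };
}

// Constructed sample configurations (hosts are placeholders).
const samples = {
  'defaults, secure=false': { host: 'mail.example.test', port: 25, secure: false },
  'STARTTLS required': { host: 'mail.example.test', port: 587, secure: false, starttls: true },
  'implicit TLS, self-signed': { host: 'mail.example.test', port: 465, secure: true, allowInsecure: true },
};

for (const [label, smtp] of Object.entries(samples)) {
  const { options, warnings } = buildTransportOptions(smtp);
  console.log(label, JSON.stringify(options), warnings);
}
```

Logging the returned warnings at server start makes a weakened SMTP configuration visible to the instance owner.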