bugfix: introduce SMTP_CA_FILE and SMTP_CA_PATH

allows users to configure path to trusted CA certificate file(s). the defaults are `nil` as there is no agreement on default path. possible paths for `SMTP_CA_FILE` include: * `/etc/pki/tls/certs/ca-bundle.crt` (RedHat) * `/etc/ssl/certs/ca-certificates.crt` (Debian and its variants) * `/usr/local/etc/ssl/cert.pem` (FreeBSD) * `/etc/ssl/cert.pem` (OpenBSD) Ruby on Rails Guides, nor `mail` gem, documents these options. 4f56234f04/lib/mail/network/delivery_methods/smtp.rb (L144-L145) fixes #354
2025-02-20 14:54:15 +01:00 · 2022-05-15 06:08:43 +07:00 · 2022-05-15 06:08:43 +07:00 · 4bd1634f82
commit 4bd1634f82
parent d014e4da93
3 changed files with 19 additions and 1 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -77,7 +77,9 @@ Rails.application.configure do
    authentication: Rails.application.secrets.smtp_authentication,
    enable_starttls_auto: Rails.application.secrets.smtp_enable_starttls_auto,
    openssl_verify_mode: Rails.application.secrets.smtp_openssl_verify_mode,
-    tls: Rails.application.secrets.smtp_tls
+    tls: Rails.application.secrets.smtp_tls,
+    ca_file: Rails.application.secrets.smtp_ca_file,
+    ca_path: Rails.application.secrets.smtp_ca_path
  }
  # use :smtp for switch prod
  config.action_mailer.delivery_method = Rails.application.secrets.delivery_method.to_sym
--- a/config/secrets.yml
+++ b/config/secrets.yml
@ -137,6 +137,8 @@ production:
  smtp_enable_starttls_auto: <%= ENV["SMTP_ENABLE_STARTTLS_AUTO"] %>
  smtp_openssl_verify_mode: <%= ENV["SMTP_OPENSSL_VERIFY_MODE"] %>
  smtp_tls: <%= ENV["SMTP_TLS"] %>
+  smtp_ca_file: <%= ENV.fetch("SMTP_CA_FILE", nil) %>
+  smtp_ca_path: <%= ENV.fetch("SMTP_CA_PATH", nil) %>
  week_starting_day: <%= ENV["WEEK_STARTING_DAY"] %>
  d3_date_format: <%= ENV.fetch("D3_DATE_FORMAT", '%y-%m-%d').dump %>
  uib_date_format: <%= ENV["UIB_DATE_FORMAT"] %>
--- a/doc/environment.md
+++ b/doc/environment.md
@ -64,6 +64,20 @@ See http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-config

 When DELIVERY_METHOD is set to **smtp**, configure the SMTP server parameters.
 See https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration for more details.
+<a name="SMTP_CA_FILE"></a>
+
+    SMTP_CA_FILE
+
+The path to a file containing a PEM-format CA certificate.
+See [OpenSSL::SSL::SSLContext](https://ruby-doc.org/stdlib-2.6/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html).
+This is an undocumented setting of [mail gem](https://github.com/mikel/mail).
+<a name="SMTP_CA_PATH"></a>
+
+    SMTP_CA_PATH
+
+The path to a directory containing CA certificates in PEM format.
+See [OpenSSL::SSL::SSLContext](https://ruby-doc.org/stdlib-2.6/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html).
+This is an undocumented setting of [mail gem](https://github.com/mikel/mail).
 <a name="DEFAULT_HOST"></a><a name="DEFAULT_PROTOCOL"></a>

    DEFAULT_HOST, DEFAULT_PROTOCOL