aboutsummaryrefslogtreecommitdiffstats
path: root/actionmailer
diff options
context:
space:
mode:
authorJonne Haß <me@jhass.eu>2016-06-07 13:04:43 +0200
committerJonne Haß <me@jhass.eu>2016-06-07 15:50:46 +0200
commit5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7 (patch)
tree5a430b5f994c37694972a424a9d07a8a37c589e2 /actionmailer
parentb24d44edbb4726d06df782dc5b4b0e52db467d97 (diff)
downloadrails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.tar.gz
rails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.tar.bz2
rails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.zip
Do not suggest nonsensical OpenSSL verify modes [ci skip]
SSL_set_verify(3) explains: SSL_VERIFY_FAIL_IF_NO_PEER_CERT Server mode: if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER. Client mode: ignored SSL_VERIFY_CLIENT_ONCE Server mode: only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with SSL_VERIFY_PEER. Client mode: ignored The SMTP connection here uses a OpenSSL socket in client mode, suggesting invalid/ignored flags is rather misleading.
Diffstat (limited to 'actionmailer')
-rw-r--r--actionmailer/lib/action_mailer/base.rb5
1 files changed, 2 insertions, 3 deletions
diff --git a/actionmailer/lib/action_mailer/base.rb b/actionmailer/lib/action_mailer/base.rb
index 6e0ae8a0a9..e766221008 100644
--- a/actionmailer/lib/action_mailer/base.rb
+++ b/actionmailer/lib/action_mailer/base.rb
@@ -390,9 +390,8 @@ module ActionMailer
# to use it. Defaults to <tt>true</tt>.
# * <tt>:openssl_verify_mode</tt> - When using TLS, you can set how OpenSSL checks the certificate. This is
# really useful if you need to validate a self-signed and/or a wildcard certificate. You can use the name
- # of an OpenSSL verify constant (<tt>'none'</tt>, <tt>'peer'</tt>, <tt>'client_once'</tt>,
- # <tt>'fail_if_no_peer_cert'</tt>) or directly the constant (<tt>OpenSSL::SSL::VERIFY_NONE</tt>,
- # <tt>OpenSSL::SSL::VERIFY_PEER</tt>, ...).
+ # of an OpenSSL verify constant (<tt>'none'</tt> or <tt>'peer'</tt>) or directly the constant
+ # (<tt>OpenSSL::SSL::VERIFY_NONE</tt> or <tt>OpenSSL::SSL::VERIFY_PEER</tt>).
# <tt>:ssl/:tls</tt> Enables the SMTP connection to use SMTP/TLS (SMTPS: SMTP over direct TLS connection)
#
# * <tt>sendmail_settings</tt> - Allows you to override options for the <tt>:sendmail</tt> delivery method.