diff options
author | Jonne Haß <me@jhass.eu> | 2016-06-07 13:04:43 +0200 |
---|---|---|
committer | Jonne Haß <me@jhass.eu> | 2016-06-07 15:50:46 +0200 |
commit | 5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7 (patch) | |
tree | 5a430b5f994c37694972a424a9d07a8a37c589e2 /actionmailer | |
parent | b24d44edbb4726d06df782dc5b4b0e52db467d97 (diff) | |
download | rails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.tar.gz rails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.tar.bz2 rails-5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7.zip |
Do not suggest nonsensical OpenSSL verify modes [ci skip]
SSL_set_verify(3) explains:
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Server mode: if the client did not return a certificate, the TLS/SSL
handshake is immediately terminated with a "handshake failure" alert.
This flag must
be used together with SSL_VERIFY_PEER.
Client mode: ignored
SSL_VERIFY_CLIENT_ONCE
Server mode: only request a client certificate on the initial TLS/SSL
handshake. Do not ask for a client certificate again in case of a
renegotiation.
This flag must be used together with SSL_VERIFY_PEER.
Client mode: ignored
The SMTP connection here uses a OpenSSL socket in client mode,
suggesting invalid/ignored flags is rather misleading.
Diffstat (limited to 'actionmailer')
-rw-r--r-- | actionmailer/lib/action_mailer/base.rb | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/actionmailer/lib/action_mailer/base.rb b/actionmailer/lib/action_mailer/base.rb index 6e0ae8a0a9..e766221008 100644 --- a/actionmailer/lib/action_mailer/base.rb +++ b/actionmailer/lib/action_mailer/base.rb @@ -390,9 +390,8 @@ module ActionMailer # to use it. Defaults to <tt>true</tt>. # * <tt>:openssl_verify_mode</tt> - When using TLS, you can set how OpenSSL checks the certificate. This is # really useful if you need to validate a self-signed and/or a wildcard certificate. You can use the name - # of an OpenSSL verify constant (<tt>'none'</tt>, <tt>'peer'</tt>, <tt>'client_once'</tt>, - # <tt>'fail_if_no_peer_cert'</tt>) or directly the constant (<tt>OpenSSL::SSL::VERIFY_NONE</tt>, - # <tt>OpenSSL::SSL::VERIFY_PEER</tt>, ...). + # of an OpenSSL verify constant (<tt>'none'</tt> or <tt>'peer'</tt>) or directly the constant + # (<tt>OpenSSL::SSL::VERIFY_NONE</tt> or <tt>OpenSSL::SSL::VERIFY_PEER</tt>). # <tt>:ssl/:tls</tt> Enables the SMTP connection to use SMTP/TLS (SMTPS: SMTP over direct TLS connection) # # * <tt>sendmail_settings</tt> - Allows you to override options for the <tt>:sendmail</tt> delivery method. |