From 5e3fb2f7b0fe5871e3993da2a7cdd96872dc36c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?=
Date: Tue, 7 Jun 2016 13:04:43 +0200
Subject: Do not suggest nonsensical OpenSSL verify modes [ci skip] SSL_set_verify(3) explains: SSL_VERIFY_FAIL_IF_NO_PEER_CERT Server mode: if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER. Client mode: ignored SSL_VERIFY_CLIENT_ONCE Server mode: only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with SSL_VERIFY_PEER. Client mode: ignored The SMTP connection here uses a OpenSSL socket in client mode, suggesting invalid/ignored flags is rather misleading.
---
actionmailer/lib/action_mailer/base.rb | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'actionmailer')
diff --git a/actionmailer/lib/action_mailer/base.rb b/actionmailer/lib/action_mailer/base.rb
index 6e0ae8a0a9..e766221008 100644
--- a/actionmailer/lib/action_mailer/base.rb
+++ b/actionmailer/lib/action_mailer/base.rb
@@ -390,9 +390,8 @@ module ActionMailer
  # to use it. Defaults to true.
  # * :openssl_verify_mode - When using TLS, you can set how OpenSSL checks the certificate. This is
  # really useful if you need to validate a self-signed and/or a wildcard certificate. You can use the name
- # of an OpenSSL verify constant ('none', 'peer', 'client_once',
- # 'fail_if_no_peer_cert') or directly the constant (OpenSSL::SSL::VERIFY_NONE,
- # OpenSSL::SSL::VERIFY_PEER, ...).
+ # of an OpenSSL verify constant ('none' or 'peer') or directly the constant
+ # (OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER).
  # :ssl/:tls Enables the SMTP connection to use SMTP/TLS (SMTPS: SMTP over direct TLS connection)
  #
  # * sendmail_settings - Allows you to override options for the :sendmail delivery method.
-- cgit v1.2.3
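Review bot: The two added comment lines for `:openssl_verify_mode` still list 'none' and 'peer' as equivalent choices, without saying that 'none' (OpenSSL::SSL::VERIFY_NONE) switches off verification of the SMTP server's certificate, so the TLS session no longer authenticates the server. The context line just above ("really useful if you need to validate a self-signed and/or a wildcard certificate") reads as though picking a mode makes such a certificate validate, whereas 'none' skips validation altogether. I would append a sentence to the new text, for example `# Note that 'none' disables certificate verification entirely; prefer 'peer' outside of testing.` The comment block begins and ends outside this hunk, so the default mode and any trust-store options are not visible here.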