SMTP should send the email if the SSL certificate is invalid (#14444)

Co-authored-by: Sébastien Ros <[email protected]>
OrchardCMS · Oct 19, 2023 · 68daf1d · 68daf1d
1 parent 1117713
commit 68daf1d
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 29 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.Email/Drivers/SmtpSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.Email/Drivers/SmtpSettingsDisplayDriver.cs
@@ -62,6 +62,7 @@ public override async Task<IDisplayResult> EditAsync(SmtpSettings settings, Buil
                     model.UseDefaultCredentials = settings.UseDefaultCredentials;
                     model.UserName = settings.UserName;
                     model.Password = settings.Password;
+                    model.IgnoreInvalidSslCertificate = settings.IgnoreInvalidSslCertificate;
                 }).Location("Content:5").OnGroup(GroupId),
             };
 

diff --git a/src/OrchardCore.Modules/OrchardCore.Email/Views/SmtpSettings.Edit.cshtml b/src/OrchardCore.Modules/OrchardCore.Email/Views/SmtpSettings.Edit.cshtml
@@ -151,6 +151,14 @@
     </div>
 </div>
 
+<div class="mb-3" asp-validation-class-for="IgnoreInvalidSslCertificate">
+    <div class="form-check">
+        <input type="checkbox" class="form-check-input" asp-for="IgnoreInvalidSslCertificate" />
+        <label class="form-check-label" asp-for="IgnoreInvalidSslCertificate">@T["Ignore Invalid SSL Certificate"]</label>
+        <span class="hint dashed">@T["Ignores SSL certificate check if it's invalid."]</span>
+    </div>
+</div>
+
 <script at="Foot">
     $(function () {
         function showSelectedCollapse() {

diff --git a/src/OrchardCore/OrchardCore.Email.Abstractions/SmtpSettings.cs b/src/OrchardCore/OrchardCore.Email.Abstractions/SmtpSettings.cs
@@ -79,6 +79,11 @@ public class SmtpSettings : IValidatableObject
         /// </summary>
         public int ProxyPort { get; set; }
 
+        /// <summary>
+        /// Gets or sets whether invalid SSL certificates should be ignored.
+        /// </summary>
+        public bool IgnoreInvalidSslCertificate { get; set; }
+
         /// <inheritdocs />
         public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
         {

diff --git a/src/OrchardCore/OrchardCore.Email.Core/Services/SmtpService.cs b/src/OrchardCore/OrchardCore.Email.Core/Services/SmtpService.cs
@@ -239,35 +239,6 @@ private MimeMessage FromMailMessage(MailMessage message, IList<LocalizedString>
             return mimeMessage;
         }
 
-        private bool CertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
-        {
-            const string LogErrorMessage = "SMTP Server's certificate {CertificateSubject} issued by {CertificateIssuer} " +
-                "with thumbprint {CertificateThumbprint} and expiration date {CertificateExpirationDate} " +
-                "is considered invalid with {SslPolicyErrors} policy errors";
-
-            if (sslPolicyErrors == SslPolicyErrors.None)
-            {
-                return true;
-            }
-
-            _logger.LogError(LogErrorMessage,
-                certificate.Subject,
-                certificate.Issuer,
-                certificate.GetCertHashString(),
-                certificate.GetExpirationDateString(),
-                sslPolicyErrors);
-
-            if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain?.ChainStatus != null)
-            {
-                foreach (var chainStatus in chain.ChainStatus)
-                {
-                    _logger.LogError("Status: {Status} - {StatusInformation}", chainStatus.Status, chainStatus.StatusInformation);
-                }
-            }
-
-            return false;
-        }
-
         protected virtual Task OnMessageSendingAsync(SmtpClient client, MimeMessage message) => Task.CompletedTask;
 
         private async Task<string> SendOnlineMessageAsync(MimeMessage message)
@@ -323,5 +294,34 @@ private static Task SendOfflineMessageAsync(MimeMessage message, string pickupDi
             var mailPath = Path.Combine(pickupDirectory, Guid.NewGuid().ToString() + EmailExtension);
             return message.WriteToAsync(mailPath, CancellationToken.None);
         }
+
+        private bool CertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        {
+            const string logErrorMessage = "SMTP Server's certificate {CertificateSubject} issued by {CertificateIssuer} " +
+                                           "with thumbprint {CertificateThumbprint} and expiration date {CertificateExpirationDate} " +
+                                           "is considered invalid with {SslPolicyErrors} policy errors";
+
+            if (sslPolicyErrors == SslPolicyErrors.None)
+            {
+                return true;
+            }
+
+            _logger.LogError(logErrorMessage,
+                certificate.Subject,
+                certificate.Issuer,
+                certificate.GetCertHashString(),
+                certificate.GetExpirationDateString(),
+                sslPolicyErrors);
+
+            if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain?.ChainStatus != null)
+            {
+                foreach (var chainStatus in chain.ChainStatus)
+                {
+                    _logger.LogError("Status: {Status} - {StatusInformation}", chainStatus.Status, chainStatus.StatusInformation);
+                }
+            }
+
+            return _options.IgnoreInvalidSslCertificate;
+        }
     }
 }