infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-10 07:14:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

use configured tls ca config for all tls connections, so https as well

Browse Source 
and add documentation for developers for setting up certificates with manual
local CA (with cfssl) or local ACME CA (with pebble).
This commit is contained in:
Mechiel Lukkien
2023-03-10 16:25:18 +01:00
parent 47b88550be
commit f60ad1452f
5 changed files with 175 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
http/admin.go
View File

@ -404,6 +404,7 @@ func checkDomain(ctx context.Context, resolver dns.Resolver, dialer *net.Dialer,
Config: &tls.Config{
ServerName: host,
MinVersion: tls.VersionTLS12, // ../rfc/8996:31 ../rfc/8997:66
RootCAs: mox.Conf.Static.TLS.CertPool,
},
}
for _, ip := range ips {
@ -600,7 +601,11 @@ func checkDomain(ctx context.Context, resolver dns.Resolver, dialer *net.Dialer,
if !strings.HasPrefix(line, "220 ") {
return fmt.Errorf("SMTP STARTTLS response from remote not 220 OK: %q", strings.TrimSuffix(line, "\r\n"))
}
tlsconn := tls.Client(conn, &tls.Config{ServerName: host})
config := &tls.Config{
ServerName: host,
RootCAs: mox.Conf.Static.TLS.CertPool,
}
tlsconn := tls.Client(conn, config)
if err := tlsconn.HandshakeContext(cctx); err != nil {
return fmt.Errorf("TLS handshake after SMTP STARTTLS: %s", err)
}