diff --git a/config/config.exs b/config/config.exs
index c886794a..c584ad18 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -124,14 +124,6 @@ config :mobilizon, Mobilizon.Web.Email.Mailer,
 # ssl: false,
 # can be `:always` or `:never`
 tls: :never,
- allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"],
- tls_options: [
- verify: :verify_peer,
- versions: [:"tlsv1.2", :"tlsv1.3"],
- cacerts: :public_key.cacerts_get(),
- server_name_indication: ~c"localhost",
- depth: 99
- ],
 retries: 1,
 # can be `true`
 no_mx_lookups: false
diff --git a/config/docker.exs b/config/docker.exs
index 3f9d5ddc..d48dda9e 100644
--- a/config/docker.exs
+++ b/config/docker.exs
@@ -2,6 +2,8 @@
 import Config
+{:ok, _} = Application.ensure_all_started(:tls_certificate_check)
+
 loglevels = [
 :emergency,
 :alert,
@@ -72,14 +74,8 @@ config :mobilizon, Mobilizon.Web.Email.Mailer,
 username: System.get_env("MOBILIZON_SMTP_USERNAME", nil),
 password: System.get_env("MOBILIZON_SMTP_PASSWORD", nil),
 tls: System.get_env("MOBILIZON_SMTP_TLS", "if_available"),
- allowed_tls_versions: [:"tlsv1.2", :"tlsv1.3"],
- tls_options: [
- verify: :verify_peer,
- versions: [:"tlsv1.2", :"tlsv1.3"],
- cacerts: :public_key.cacerts_get(),
- server_name_indication: ~c"#{System.get_env("MOBILIZON_SMTP_SERVER", "localhost")}",
- depth: 99
- ],
+ tls_options:
+ :tls_certificate_check.options(System.get_env("MOBILIZON_SMTP_SERVER", "localhost")),
 ssl: System.get_env("MOBILIZON_SMTP_SSL", "false"),
 retries: 1,
 no_mx_lookups: false,
diff --git a/mix.exs b/mix.exs
index 63bf66fd..53f2a77d 100644
--- a/mix.exs
+++ b/mix.exs
@@ -89,7 +89,7 @@ defmodule Mobilizon.Mixfile do
 end
 defp extra_applications(_env) do
- [:logger, :runtime_tools, :guardian, :geolix, :crypto, :cachex]
+ [:tls_certificate_check, :logger, :runtime_tools, :guardian, :geolix, :crypto, :cachex]
 end
 def copy_files(%{path: target_path} = release) do
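Review bot: The `{:ok, _} = Application.ensure_all_started(:tls_certificate_check)` line added at the top of config/docker.exs has no comment explaining why a config file starts an application, so a later cleanup could remove it as redundant. The `tls_options` entry further down in the same file calls `:tls_certificate_check.options/1` while the config is being evaluated, which presumably needs the application's CA store loaded first. I would add `# Started here because :tls_certificate_check.options/1 is called below while this file is evaluated; the match fails fast if it cannot start.` directly above it.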
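Review bot: In the second config/docker.exs hunk the new `tls_options` no longer carries the explicit `versions: [:"tlsv1.2", :"tlsv1.3"]` floor that the removed block had; as far as I know `:tls_certificate_check.options/1` returns only verification options (peer verification, CA list, hostname check), so the protocol floor now depends on the OTP default of whatever release runs the image. Keeping the pin costs one line: `tls_options: [versions: [:"tlsv1.2", :"tlsv1.3"]] ++ :tls_certificate_check.options(System.get_env("MOBILIZON_SMTP_SERVER", "localhost")),`. Note also that `tls` still defaults to `"if_available"`, so these options only take effect when STARTTLS is actually negotiated, and that the config/config.exs hunk removes its `tls_options` block without a replacement, leaving verification for non-Docker installs to whatever the operator's own config supplies. The enclosing `config` call starts and ends outside the hunk.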
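Review bot: Adding `:tls_certificate_check` to `extra_applications/1` in mix.exs looks redundant, because the same commit adds it to the deps list and Mix already places runtime dependencies in the application list; `extra_applications` is normally reserved for OTP/Elixir applications that are not dependencies. If nothing relies on the explicit entry, the body can stay `[:logger, :runtime_tools, :guardian, :geolix, :crypto, :cachex]`. If it is listed on purpose, a one-line comment above the list stating that reason would keep it from being dropped later.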
@@ -220,6 +220,7 @@ defmodule Mobilizon.Mixfile do
 {:exkismet, github: "tcitworld/exkismet"},
 {:rajska, github: "tcitworld/rajska", branch: "mobilizon"},
 {:hammer, "~> 6.1"},
+ {:tls_certificate_check, "~> 1.20"},
 # Dev and test dependencies
 {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
 {:ex_machina, "~> 2.3", only: [:dev, :test]},
diff --git a/mix.lock b/mix.lock
index 14967a38..0b6d85be 100644
--- a/mix.lock
+++ b/mix.lock
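Review bot: The new `{:tls_certificate_check, "~> 1.20"}` entry in the deps list has no comment saying that this package is now the trust anchor for outbound SMTP TLS. As far as I know it ships a bundled CA list, so with mix.lock pinning 1.20.0 a distrusted root would stay trusted until the dependency is bumped. I would add `# Supplies the CA store and verification options for SMTP TLS; bump regularly to pick up CA list updates.` above the entry. The deps list starts and ends outside the hunk.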
@@ -139,6 +139,7 @@ "telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"}, "tesla": {:hex, :tesla, "1.8.0", "d511a4f5c5e42538d97eef7c40ec4f3e44effdc5068206f42ed859e09e51d1fd", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:finch, "~> 0.13", [hex: :finch, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, ">= 1.0.0", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "4.4.2", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:msgpax, "~> 2.3", [hex: :msgpax, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "10501f360cd926a309501287470372af1a6e1cbed0f43949203a4c13300bc79f"}, "timex": {:hex, :timex, "3.7.11", "bb95cb4eb1d06e27346325de506bcc6c30f9c6dea40d1ebe390b262fad1862d1", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.20", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "8b9024f7efbabaf9bd7aa04f65cf8dcd7c9818ca5737677c7b76acbc6a94d1aa"}, + "tls_certificate_check": {:hex, :tls_certificate_check, "1.20.0", "1ac0c53f95e201feb8d398ef9d764ae74175231289d89f166ba88a7f50cd8e73", [:rebar3], [{:ssl_verify_fun, "~> 1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", 
"ab57b74b1a63dc5775650699a3ec032ec0065005eff1f020818742b7312a8426"}, "tz_world": {:hex, :tz_world, "1.3.1", "dedb8373fce594098909ff36d37f5e5e30e47cb40ef846d1dfc91eb39f7ebaaf", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.5", [hex: :certifi, repo: "hexpm", optional: true]}, {:geo, "~> 1.0 or ~> 2.0 or ~> 3.3", [hex: :geo, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "901ed2b4a4430ecab3765244da4a19e6f19141867c2ab3753924919b87ed2224"}, "tzdata": {:hex, :tzdata, "1.1.1", "20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a69cec8352eafcd2e198dea28a34113b60fdc6cb57eb5ad65c10292a6ba89787"}, "ueberauth": {:hex, :ueberauth, "0.10.5", "806adb703df87e55b5615cf365e809f84c20c68aa8c08ff8a416a5a6644c4b02", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3efd1f31d490a125c7ed453b926f7c31d78b97b8a854c755f5c40064bf3ac9e1"},