SMTP: refactor and accept starttls :always and :auto #1536
Conversation
… Ruby 3 Passing enable_tls/starttls/starttls_auto: false now explicitly disables these options. They used to be all false by default, so they could only be turned ON. So we ignored turning them OFF! We now disable_tls/starttls/starttls_auto when they're set to false. Leaving them set to nil inherits the upstream default.
eval
force-pushed
the
refactor-smtp-tls-starttls
branch
from
745712e
to
ba3f15f
Compare
|
with old rubies (net/smtp), both options were disabled by default, so historically it used to make sense to enable them separately but since starttls is now :auto by default due to the upstream change in net/smtp, it's problematic to do the opposite and disable them with existing options what about introducing a new setting, that accepts the same values? if this is already a breaking change, so I suggest simplifying it if we have a chance. @mikel @eval What do you think? yes, but the related PR should still be merged for 2.8.x |
|
@ron-shinall I'm not a maintainer. only @mikel or @jeremy can push a new version, but none of them are active lately |
|
@jeremy Would you mind releasing a new version with this fix? We're seeing a number of users not able to disable STARTTLS without this change. |
|
@stanhu fyi it has already been released in 2.8.1 |
|
@ahorek I thought that at first, but https://github.com/mikel/mail/blob/2.8.1/lib/mail/network/delivery_methods/smtp.rb#L114 shows that the refactoring in this pull request is not present. #1526 is present, however. We have users that have configured |
|
the main problem was starttls cannot be disabled with any settings, this should already be fixed. this refactor also fixes a combination of just pass tls: false + enable_starttls: false that should do what you want. I agree there's still inconsistency, but a workaround is pretty simple. |
Yes, the workaround is simple in principle, but we have potentially thousands of users that have set |
|
well, this PR is merged for 2.9, but it isn't released. If that's important for you, you should open a new issue and ask maintainers if they're willing to backport it. |
GitLab versions 15.10.4 and up shipped with https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116925 in order to fix a Ruby 3 upgrade issue that made it impossible to disable STARTTLS if the SMTP server advertised support for it. However, this change enforced the constraint that both SMTP TLS and STARTTLS cannot be enabled simultaneously. This follows the behavior of the net-smtp gem, which raises an exception if a user attempts to enable both. This constraint was added because as described in mikel/mail#1536, the logic for enabling/disabling TLS and/or STARTTLS is a bit tricky to get right and missed some important edge cases. This commit adds a validation step that will throw an error if both settings appear: ```ruby gitlab_rails['smtp_tls'] = true gitlab_rails['smtp_enable_starttls_auto'] = true ``` Previously if SMTP TLS were enabled, STARTTLS was disabled outright. If `gitlab_rails['smtp_tls']` is enabled, generally the easiest way to get things working is to set `gitlab_rails['smtp_enable_starttls_auto']` to `false`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/409835 Also see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6858 Changelog: changed
GitLab versions 15.10.4 and up shipped with https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116925 in order to fix a Ruby 3 upgrade issue that made it impossible to disable STARTTLS if the SMTP server advertised support for it. However, this change enforced the constraint that both SMTP TLS and STARTTLS cannot be enabled simultaneously. This follows the behavior of the net-smtp gem, which raises an exception if a user attempts to enable both. This constraint was added because as described in mikel/mail#1536, the logic for enabling/disabling TLS and/or STARTTLS is a bit tricky to get right and missed some important edge cases. This commit adds a validation step that will throw an error if both settings appear: ```ruby gitlab_rails['smtp_tls'] = true gitlab_rails['smtp_enable_starttls_auto'] = true ``` Previously if SMTP TLS were enabled, STARTTLS was disabled outright. If `gitlab_rails['smtp_tls']` is enabled, generally the easiest way to get things working is to set `gitlab_rails['smtp_enable_starttls_auto']` to `false`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/409835 Also see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6858 Changelog: changed
GitLab versions 15.10.4 and up shipped with https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116925 in order to fix a Ruby 3 upgrade issue that made it impossible to disable STARTTLS if the SMTP server advertised support for it. However, this change enforced the constraint that both SMTP TLS and STARTTLS cannot be enabled simultaneously. This follows the behavior of the net-smtp gem, which raises an exception if a user attempts to enable both. This constraint was added because as described in mikel/mail#1536, the logic for enabling/disabling TLS and/or STARTTLS is a bit tricky to get right and missed some important edge cases. This commit adds a validation step that will throw an error if both settings appear: ```ruby gitlab_rails['smtp_tls'] = true gitlab_rails['smtp_enable_starttls_auto'] = true ``` Previously if SMTP TLS were enabled, STARTTLS was disabled outright. If `gitlab_rails['smtp_tls']` is enabled, generally the easiest way to get things working is to set `gitlab_rails['smtp_enable_starttls_auto']` to `false`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/409835 Also see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6858 Changelog: changed
This PR is a refactored version of #1515 (which is a master-rebased version of #1435) and adds
:alwaysand:autoas acceptable values forenable_starttls.While the original PR 1515 fixes the disabling of starttls, it also yields unexpected/faulty 'shortcuts' in the if-chain given some inputs, e.g.:
ssl: falseensures anyenable_starttls-flag is ignored.enable_starttls: falsewould ignore theenable_starttls_auto-flag.I refactored the logic to come to the right
starttlsvalue for smtp (i.e.:always,:autoorfalse). It also adds the option to directly pass:alwaysor:autoas value forenable_starttls(separate commit).The implementation is based on this decision table: