Automatically set `allow_self_signed=true` if `mail_smtphost = localhost`

[Cybso]

The newer versions of Nextcloud use StartTLS per default, resulting in many bug reports when used with self-signed certificates:

#37329
#37694
#38957
#39452
#39538
#40073

There is a workaround to allow self signed certificates by manually editing config.php:

  "mail_smtpstreamoptions" => array(
    'ssl' => array(
        'allow_self_signed' => true,
        'verify_peer' => false,
        'verify_peer_name' => false
    )   
  ),  

But since many users will stumble across this problem let me suggest a small change:

If "mail_smtphost" is set to "localhost" or "127.0.0.1" and the above parameters are not explicitly configured, then assume that the user wants to accept unverified self-signed certificates by default - or do not use StartTLS at all for local connections.

[Cybso]

I have written a short POC patch, works perfectly for me:

nextcloud-41935-poc.patch.txt

[joshtrichards]

If you want this considered, you should submit it as a PR. I understand where you're coming from, though I'm not sure it'll pass a security review (i.e. for widespread default deployment).

[Cybso]

If you want this considered, you should submit it as a PR. I understand where you're coming from, though I'm not sure it'll pass a security review (i.e. for widespread default deployment).

Done: #46957

[susnux]

Why not adding your self signing key to your CA list?
Would solve this problem properly.

[Cybso]

Why not adding your self signing key to your CA list? Would solve this problem properly.

Of course, as the change in config.php from the issue text does. However, this needs the user to understand the problem and do an additional manual step, since it's not the expected behaviour to have TLS issues on "localhost".

[susnux]

since it's not the expected behaviour to have TLS issues on "localhost".

Well but you have installed an email server that offers STARTLS so TLS is expected in that case?

[Cybso]

since it's not the expected behaviour to have TLS issues on "localhost".

Well but you have installed an email server that offers STARTLS so TLS is expected in that case?

The default Postfix' main.cf (at least for Debian / Ubuntu) enables STARTTLS with a snakeoil certificate for the local hostname by default. But for "localhost" or "127.0.0.1" this certificate isn't valid, and im my opinion it does not even make sense to use StartTLS on a loopback connection in the first place. But you cannot disable it in the Nextcloud UI, the only offer is "None/StartTLS" which will use StartTLS if provided - but fail.

I'm fine with this for not being changed, but it frustrates users that have to find out what's going wrong. Just look at the cited issues in the opening post if you don't believe me, and that's only from the users who took their time to write a ticket, not including those just giving up.