(OpenSSL::SSL::SSLError) SMTP Mails without TLS (Port 25)

Infrastructure as Code & Cloud Native
,
1

Hey there, I use this SMTP configuration with my Gitlab-CE server (15.10.1):

gitlab_rails[‘smtp_enable’] = true
gitlab_rails[‘smtp_address’] = “smtp.localdomain”
gitlab_rails[‘smtp_port’] = 25
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
gitlab_rails[‘smtp_enable_starttls_auto’] = false
gitlab_rails[‘smtp_tls’] = false
gitlab_rails[‘smtp_openssl_verify_mode’] = ‘none’
gitlab_rails[‘smtp_domain’] = ‘localdomain’
gitlab_rails[‘smtp_openssl_verify_mode’] = ‘none’
gitlab_rails[‘smtp_ssl’] = false
gitlab_rails[‘smtp_force_ssl’] = false
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

But when I send an eMail via rails console I get this error:

irb(main):003:0> Notify.test_email(‘test@localdomain’, ‘Testmail’, ‘Testing…’).deliver_now
Delivered mail 642d311bd07b6_8e348d025667@git.localdomain.mail (102.3ms)
/opt/gitlab/embedded/lib/ruby/3.0.0/openssl/ssl.rb:401:in `post_connection_check’: hostname “smtp.localdomain” does not match the server certificate (OpenSSL::SSL::SSLError)

Can someone help?

2

Please upgrade to GtiLab 15.10.2: GitLab Patch Release: 15.10.2 | GitLab

Details are in regression in GitLab 5.10: outgoing mail fails to verify TLS cert even though TLS is off (#399241) · Issues · GitLab.org / GitLab · GitLab.

3

Thank you for the fast answer!

4

I still have same problem but im on gitlab 15.10.2

5

Hello
i’m still having issue after upgrading to 15.10.2 from 15.10.1.
Running with docker, with below omnibus config:

gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_ssl'] = false
gitlab_rails['smtp_force_ssl'] = false

Getting

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

@Update, tried setting config exactly as in this comment, but doesn’t seem to help.
regression in GitLab 5.10: outgoing mail fails to verify TLS cert even though TLS is off (#399241) · Issues · GitLab.org / GitLab · GitLab

irb(main):002:0> ActionMailer::Base.smtp_settings
=>
{:user_name=>nil,
 :password=>nil,
 :address=>"some.server",
 :port=>25,
 :domain=>"some.domain",
 :enable_starttls_auto=>false,
 :tls=>false,
 :ssl=>false,
 :openssl_verify_mode=>"none",
 :ca_file=>"/opt/gitlab/embedded/ssl/certs/cacert.pem"}

@Update2
Seems like it’s gonna be fixed soon:
Patch mail gem to handle TLS settings properly (!116925) · Merge requests · GitLab.org / GitLab · GitLab

6

Sorry about that. Patch mail gem to handle TLS settings properly (!116925) · Merge requests · GitLab.org / GitLab · GitLab will fix this, but in the meantime you can comment out:

# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_ssl'] = false
1 Like
7

GitLab 15.10.4 and 15.11.0 fixed this.