Closed Flying-Toast closed 1 year ago
I'm experiencing the same issue, and couldn't find an easy way to fix it.
The important code paths are outlined below.
defmodule Mailroom.IMAP do
....
def connect(server, username, password, options \\ []) do
opts = parse_opts(options)
{:ok, pid} = GenServer.start_link(__MODULE__, opts)
GenServer.call(pid, {:connect, server, opts.port})
...
def handle_call({:connect, server, port}, from, state) do
{:ok, socket} = Socket.connect(server, port, ssl: state.ssl, debug: state.debug, active: true)
....
defmodule Mailroom.Socket do
...
@connect_opts [packet: :line, reuseaddr: true, active: false, keepalive: true]
@ssl_connect_opts [depth: 0]
def connect(server, port, opts \\ []) do
...
case do_connect(addr, state.ssl, port, [:binary | connect_opts], state.timeout) do
...
defp do_connect(addr, true, port, opts, timeout),
do: :ssl.connect(addr, port, opts, timeout)
We would probably either need to properly set up certification using certifi (or similar):
CaCerts = certifi:cacerts(),
SslOptions = [
{verify, verify_peer},
{cacerts, CaCerts}
]
and then pass this into :ssl.connect opts
,
or at least allow us to pass in [{verify, verify_none}]
as opts
.
I have made a change in #16 that allows you to pass ssl_opts: [verify: :verify_none]
or other ssl specific options into the connect function of each sub-library
The tests all use ssl_opts: [verify: :verify_none]
which removes the warnings.
@andrewtimberlake Thanks a bunch for this!
I started using it in my app today, and both verify_peer
(actually doing a verification) and verify_none
(skipping verification, but getting rid of the logged warning) works great.
Here are two examples in case anyone else wonders how to do it:
# verify_peer
Mailroom.IMAP.connect(
...
ssl: true,
ssl_opts: [
cacerts: :certifi.cacerts(),
depth: 10,
verify: :verify_peer
]
)
# verify_none
Mailroom.IMAP.connect(
...
ssl: true,
ssl_opts: [
verify: :verify_none
]
)
When running
Mailroom.IMAP.connect()
in elixir 1.14.1, I get the following warning: