Closed KoshelevS closed 6 years ago
I would also like this
Hi @KoshelevS @Harmonickey - thanks for the note and the PR.
We've been hesitant to build in this option in the past, as from a security standpoint it doesn't make a huge amount of sense. An untrusted root certificate means the certificate could have come from anywhere (e.g. MITM) - it's not providing any privacy nor validation of the server's identity whatsoever.
A better solution for self-signed certs is to trust the specific issuer (this can be set up using a short PowerShell script). Is that an option for you?
Cheers, Nick
That does make sense. However, would it just be possible to let the calling client make that decision if they want to be secure or not? It wouldn't be handled by Serilog. Here is my pull request: https://github.com/serilog/serilog-sinks-email/pull/39
Sorry @Harmonickey - I misread your PR and thought you were adding the Boolean ignoreCertificateErrors option (which I'd like to avoid). Thanks for the reply.
We do already support what's proposed in your PR, don't we? https://github.com/Harmonickey/serilog-sinks-email/blob/0deb846a233c855116238763f0eb39e2faa3ed22/src/Serilog.Sinks.Email/LoggerConfigurationEmailExtensions.cs#L189 Passing an EmailConnectionInfo object will allow the validation function to be specified. Did you spot this overload of WriteTo.Email()?
You are right, I didn't catch that overload.
I see what happened. I thought your library didn't include it because I was getting the NuGet package and grabbing the master branch. https://github.com/serilog/serilog-sinks-email/blob/master/src/Serilog.Sinks.Email/Sinks/Email/EmailConnectionInfo.cs
I will need to grab the dev branch I suppose?
@nblumhardt would it be possible to push a release for what you have in dev right now? That way we can use the NuGet package with the extra field included in EmailConnectionInfo.cs
Thanks @Harmonickey - on its way with #40
@nblumhardt, thank you for the response.
> A better solution for self-signed certs is to trust the specific issuer (this can be set up using a short PowerShell script). Is that an option for you?
Option with a trusted self-signed certificate sounds good enough. I'm closing this issue.
Thank you!
Great, thanks 👍
Hi!
I have the following application setup:
netcoreapp1.1 framework.
Serilog is added to this application with all the required sinks:
appsettings.config file, not code:
All works fine up until the application logs a critical error. At that time I see the following error in my debug output console:
It is obvious that no email message is received after that.
There is a way to ignore certificate errors using the ServerCertificateValidationCallback property of the EmailConnectionInfo class, but I can't go that way because all the sinks of Serilog are configured in appsettings.json file.
In my case it would be really helpful if Serilog.Sinks.Email is able to ignore certificate errors using a flag in the appsettings.json file, like:
Is it possible?
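
A stricter alternative to ignoring every certificate error, in line with the maintainer's advice in this thread (added example, not part of the original issue or the Serilog.Sinks.Email code): a validation callback that tolerates an untrusted chain only when the server presents one specific certificate, identified by its SHA-256 fingerprint. The class, method and host names are hypothetical, the test certificates are constructed in memory (this part needs .NET Core 2.0 or later), and assigning the delegate to EmailConnectionInfo.ServerCertificateValidationCallback assumes that property takes a RemoteCertificateValidationCallback.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificate
{
    // SHA-256 fingerprint of the DER-encoded certificate, as upper-case hex.
    public static string Fingerprint(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.Export(X509ContentType.Cert))).Replace("-", "");
    }

    // Builds a callback that accepts a fully trusted chain, or the pinned certificate only.
    public static RemoteCertificateValidationCallback For(string pinnedFingerprint)
    {
        return (sender, cert, chain, errors) =>
        {
            if (errors == SslPolicyErrors.None) return true;   // chain already trusted by the OS
            if (cert == null) return false;
            // Tolerate only an untrusted chain; a name mismatch or a missing certificate still fails.
            if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
            return string.Equals(Fingerprint(cert), pinnedFingerprint, StringComparison.OrdinalIgnoreCase);
        };
    }

    // Constructed self-signed certificate for the demonstration (hypothetical host name).
    static X509Certificate2 SelfSigned(string cn)
    {
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    public static void Main()
    {
        var expected = SelfSigned("smtp.example.internal");
        var other = SelfSigned("smtp.example.internal");   // same subject, different key pair
        var callback = For(Fingerprint(expected));
        // Case 1: the pinned certificate with an untrusted chain.
        Console.WriteLine(callback(null, expected, null, SslPolicyErrors.RemoteCertificateChainErrors));
        // Case 2: a different self-signed certificate claiming the same name.
        Console.WriteLine(callback(null, other, null, SslPolicyErrors.RemoteCertificateChainErrors));
        // Case 3: the pinned certificate presented under a mismatched host name.
        Console.WriteLine(callback(null, expected, null, SslPolicyErrors.RemoteCertificateNameMismatch));
        // Assumed wiring: connectionInfo.ServerCertificateValidationCallback = callback;
    }
}
```

Only the first case is accepted; the second and third are rejected, which is the difference from a callback that simply returns true.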