local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 53 Pull requests 1 Projects 2 Releases 3 Packages 1 Activity Actions

Fix TLS config #473

Merged
simon merged 3 commits from bugfix/fix-tls-config into main 2026-03-16 15:04:35 +01:00
Conversation 0 Commits 3 Files changed 11 +298 -43
simon commented 2026-03-16 14:03:05 +01:00
Owner
Copy link

Description of the implemented changes

The changes were:

  • Bugfixing
  • New Feature
  • Breaking Change
  • Refactoring

Fix SMTP configuration so that both port 587 (TLS/STARTTLS) and port 465 (implicit SSL) work. Previously, a single set of options caused either 587 to crash (invalid option for TCP) or 465 to fail (missing verify option for the initial SSL connection). The fix makes socket options conditional on the chosen mode.

What has been changed?

  • lib/mv/mailer.ex: smtp_config/0 now adds sockopts: [verify: verify_mode] only when using SSL (port 465). For TLS (587) no verify option is passed in sockopts, so gen_tcp:connect no longer receives invalid options.
  • config/runtime.exs: Same conditional logic for boot-time SMTP config when using ENV (sockopts with verify only when SMTP_SSL=ssl).
  • test/mv/mailer_smtp_config_test.exs: New tests ensuring (1) port 587 config has no :verify in sockopts, (2) port 465 config includes :verify in sockopts, (3) correct TLS/SSL mode for 587 and 465.
  • docs/smtp-configuration-concept.md: Updated section 11 and checklist to describe that verify is in sockopts only for 465.
  • CHANGELOG.md: Added Unreleased entry for the SMTP configuration fix.
  • .env.example: Documented optional SMTP-related env vars (SMTP_HOST, SMTP_PORT, SMTP_SSL, SMTP_VERIFY_PEER, MAIL_FROM_*, etc.).

Definition of Done

Code Quality

  • No new technical depths
  • Linting passed
  • Documentation is added were needed

Accessibility

  • New elements are properly defined with html-tags
  • Colour contrast follows WCAG criteria
  • Aria labels are added when needed
  • Everything is accessible by keyboard
  • Tab-Order is comprehensible
  • All interactive elements have a visible focus
    N/A – no UI or frontend changes in this PR.

Testing

  • Tests for new code are written
  • All tests pass
  • axe-core dev tools show no critical or major issues
    N/A – no new UI; existing mailer/config_smtp tests plus new mailer_smtp_config_test.exs cover the change.

Additional Notes

  • For reviewers: the behavioural difference is that 587 must not get verify in the options passed to the first connection (TCP), while 465 must get verify in the options for the initial ssl:connect. The new tests encode both requirements.
  • Default for SMTP_VERIFY_PEER remains false (verify_none); setting it to true requires CA certs to be configured (e.g. cacertfile) or you get an incompatible-options error.
## Description of the implemented changes The changes were: - [x] Bugfixing - [ ] New Feature - [ ] Breaking Change - [ ] Refactoring Fix SMTP configuration so that both port 587 (TLS/STARTTLS) and port 465 (implicit SSL) work. Previously, a single set of options caused either 587 to crash (invalid option for TCP) or 465 to fail (missing verify option for the initial SSL connection). The fix makes socket options conditional on the chosen mode. ## What has been changed? - **lib/mv/mailer.ex**: `smtp_config/0` now adds `sockopts: [verify: verify_mode]` only when using SSL (port 465). For TLS (587) no verify option is passed in sockopts, so `gen_tcp:connect` no longer receives invalid options. - **config/runtime.exs**: Same conditional logic for boot-time SMTP config when using ENV (sockopts with verify only when `SMTP_SSL=ssl`). - **test/mv/mailer_smtp_config_test.exs**: New tests ensuring (1) port 587 config has no `:verify` in sockopts, (2) port 465 config includes `:verify` in sockopts, (3) correct TLS/SSL mode for 587 and 465. - **docs/smtp-configuration-concept.md**: Updated section 11 and checklist to describe that verify is in sockopts only for 465. - **CHANGELOG.md**: Added Unreleased entry for the SMTP configuration fix. - **.env.example**: Documented optional SMTP-related env vars (SMTP_HOST, SMTP_PORT, SMTP_SSL, SMTP_VERIFY_PEER, MAIL_FROM_*, etc.). ## Definition of Done ### Code Quality - [x] No new technical depths - [x] Linting passed - [x] Documentation is added were needed ### Accessibility - [ ] New elements are properly defined with html-tags - [ ] Colour contrast follows WCAG criteria - [ ] Aria labels are added when needed - [ ] Everything is accessible by keyboard - [ ] Tab-Order is comprehensible - [ ] All interactive elements have a visible focus *N/A – no UI or frontend changes in this PR.* ### Testing - [x] Tests for new code are written - [x] All tests pass - [ ] axe-core dev tools show no critical or major issues *N/A – no new UI; existing mailer/config_smtp tests plus new mailer_smtp_config_test.exs cover the change.* ## Additional Notes - For reviewers: the behavioural difference is that **587** must not get `verify` in the options passed to the first connection (TCP), while **465** must get `verify` in the options for the initial `ssl:connect`. The new tests encode both requirements. - Default for `SMTP_VERIFY_PEER` remains `false` (verify_none); setting it to `true` requires CA certs to be configured (e.g. `cacertfile`) or you get an incompatible-options error.
simon added 1 commit 2026-03-16 14:03:08 +01:00
fix: repaired smtp configuration for port 587
All checks were successful
continuous-integration/drone/push Build is passing
Details
e95c1d6254
simon added this to the Sprint 14: 26.02 - 05.03 project 2026-03-16 14:03:19 +01:00
simon added 1 commit 2026-03-16 14:24:02 +01:00
refactor: unify smtp config logic
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details
e8f27690a1
simon added 1 commit 2026-03-16 14:58:42 +01:00
fix: update smtp test
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details
f353f1cbc0
simon merged commit 9b0f269ab6 into main 2026-03-16 15:04:35 +01:00
simon deleted branch bugfix/fix-tls-config 2026-03-16 15:04:40 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
high priority

   
invalid

Something is wrong

  
L

5 h

  
low priority

   
M

3 h

  
medium priority

   
needs refinement

   
optional

   
question

More information is needed

  
S

1 h

  
UX research

   
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
high priority
invalid
L
low priority
M
medium priority
needs refinement
optional
question
S
UX research
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Sprint 14: 26.02 - 05.03
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: local-it/mitgliederverwaltung#473
No description provided.
Delete branch "bugfix/fix-tls-config"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?