SMTP openssl_verify_mode does not function as documented
Summary
The existing documentation for configuring outgoing email states that valid options are "none", "peer", or "ssl/tls"
.
The declaration of ssl/tls
is due to a misinterpretation of ActionMailer's documenation.
The correct option list is none
,peer
, client_once
, or fail_if_no_peer_cert
. TLS/SSL can then be forced by providing tls: true
, which our templates currently do not support providing.
We should:
- Update the current documentation to reflect accurate values
- Properly document
global.smtp.*
indoc/charts/globals.md
- Update
charts/gitlab/templates/_smtp.tpl
to handle the appropriate values- Removing
ssl/tls
handling foropenssl_verify_mode
- Add support for
global.smtp.tls
as a boolean - This will simplify this template.
- We may also wish to add a
fail
ifssl/tls
is provided.
- Removing
Spawned from https://gitlab.com/charts/gitlab/issues/983
Steps to reproduce
--set global.smtp.openssl_verify_mode=ssl/tls
Configuration used
See #983 (closed) description
Current behavior
All Rails based containers fail with
bundler: failed to load command: unicorn (/srv/gitlab/vendor/bundle/ruby/2.4.0/bin/unicorn)
NoMethodError: undefined method `/' for :ssl:Symbol
/srv/gitlab/config/initializers/smtp_settings.rb:12:in `<top (required)>'
/srv/gitlab/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:268:in `load'
Expected behavior
Rails based containers do not fail.
Versions
- Chart: v1.3.0 / 1-3-stable / master
Relevant logs
See #983 (closed)
cc @marin