odoo/upgrade#6153

Created by SM Learn, Julien Castiaux (juc)
Closed
label: odoo-dev:master-base-ir_mail_server-strict-juc
head: 3c862127d902155f17dd19bc81ddbf09fd3132ce
master: odoo/odoo #154077, odoo/upgrade #6153, odoo/documentation #7749

[IMP] base/saas~18.3: ir.mail_server check certificates

~~Reviewer note: wait for odoo/odoo#158329 (the stable one)~~ merged

There was a bug in ir.mail_server that made us not verify any SSL certificate when using SSL/TLS or STARTTLS. Fixing that bug couldn't be as simple as "just verify those certificates" because there are actually several mail servers in the wild that use self-signed/expired SSL certificates with their mail server and it just works. Enabling the verification overnight would break the connection to those servers and be too disruptive.

We decided to be smart and to make those certificate verifications opt-in.

We made two commits. The first one is stable-friendly: it only adds new possible values in a selection field, namely ssl_strict and starttls_strict. Although it targets master, we plan to backport that commit to previous versions, i.e. we have to account for those two possible values even if they seem to be merged here.

The second commit is not stable-friendly. It adds a new checkbox "check ssl certificate" to opt in to the validation. This checkbox removes the need for the two additional selection values, hence they have been removed, restoring the three original possible values: none, ssl, and starttls.

For customers who migrate before we had the chance to backport the first -stable- commit, smtp_ssl_check_certificate should be false: we cannot assume that their mail server is correctly configured, we cannot assume either that they want this validation.

For customers who migrate after we had the chance to backport the first -stable- commit, smtp_ssl_check_certificate should be set according to the smtp_encryption's strictness and then the selection field restored: ssl_strict -> ssl, starttls_strict -> starttls

task-2861790
Related: odoo/odoo#154077
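
The migration rule described in the PR text above, together with its effect on the TLS context, as an added example that is not part of the PR or of Odoo's code. Records are plain dicts standing in for ir.mail_server rows, and `migrate_mail_server` and `build_ssl_context` are hypothetical helper names; only the field names and selection values come from the description.

```python
import ssl

# Mapping described in the PR text: the strict selection values collapse back
# to the three original ones, and strictness moves to the boolean field.
STRICT_TO_PLAIN = {"ssl_strict": "ssl", "starttls_strict": "starttls"}


def migrate_mail_server(row):
    """Return a copy of a server record with the post-upgrade field values."""
    enc = row["smtp_encryption"]
    migrated = dict(row)
    # Only servers that opted in through a *_strict value keep verification;
    # every other server stays unverified, exactly as it behaved before.
    migrated["smtp_ssl_check_certificate"] = enc in STRICT_TO_PLAIN
    migrated["smtp_encryption"] = STRICT_TO_PLAIN.get(enc, enc)
    return migrated


def build_ssl_context(server):
    """Hypothetical helper: TLS context matching the opt-in checkbox."""
    if server["smtp_encryption"] == "none":
        return None  # plain SMTP, no TLS at all
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    if not server["smtp_ssl_check_certificate"]:
        # Legacy behaviour: self-signed or expired certificates are accepted.
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Constructed sample records covering both migration cases from the text.
SAMPLE = [
    {"name": "legacy", "smtp_encryption": "starttls"},
    {"name": "opted-in", "smtp_encryption": "ssl_strict"},
    {"name": "plain", "smtp_encryption": "none"},
]

if __name__ == "__main__":
    for rec in map(migrate_mail_server, SAMPLE):
        ctx = build_ssl_context(rec)
        verifies = bool(ctx and ctx.verify_mode == ssl.CERT_REQUIRED)
        print(rec["name"], rec["smtp_encryption"], "verifies:", verifies)
```
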