From f2293a70f80a13231aea07c1fc24f14f3fc393f9 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Fri, 24 Mar 2023 09:34:37 +0100 Subject: [PATCH 1/2] Allow a user to disable peer check when using TLS/STARTTLS This is useful when developing and on Docker setups. Despite setting encryption to null, if a server supports STARTTLS with a self-signed certificate, the mailer try to upgrade the connection with STARTTLS. --- .env.example.complete | 3 ++- app/Config/mail.php | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.env.example.complete b/.env.example.complete index f81bccae4..8c0accf1d 100644 --- a/.env.example.complete +++ b/.env.example.complete @@ -79,6 +79,7 @@ MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null +MAIL_VERIFY_PEER=true # Command to use when email is sent via sendmail MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs" @@ -372,4 +373,4 @@ LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver # IP address '146.191.42.4' would result in '146.191.x.x' being logged. # For the IPv6 address '2001:db8:85a3:8d3:1319:8a2e:370:7348' this would result as: # '2001:db8:85a3:8d3:x:x:x:x' -IP_ADDRESS_PRECISION=4 \ No newline at end of file +IP_ADDRESS_PRECISION=4 diff --git a/app/Config/mail.php b/app/Config/mail.php index b57c152d9..6cd5ee28f 100644 --- a/app/Config/mail.php +++ b/app/Config/mail.php @@ -32,6 +32,7 @@ return [ 'encryption' => env('MAIL_ENCRYPTION', 'tls'), 'username' => env('MAIL_USERNAME'), 'password' => env('MAIL_PASSWORD'), + 'verify_peer' => env('MAIL_VERIFY_PEER', true), 'timeout' => null, 'local_domain' => env('MAIL_EHLO_DOMAIN'), ], From 1de72d09ca22878d02496b40f2be516adba5e736 Mon Sep 17 00:00:00 2001 
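Review bot: `MAIL_VERIFY_PEER=true` is added to `.env.example.complete` without a comment, unlike neighbouring options such as `MAIL_SENDMAIL_COMMAND`, so an operator gets no hint of what switching it off costs. With verification off the mail server's certificate is not checked (and, per the test in patch 2/2, neither is its hostname), so the SMTP credentials and outgoing mail lose protection against interception on the network path. I would add above the line `# Verify the mail server's TLS certificate. Only set to false for local development` and `# with self-signed certificates; SMTP credentials and mail are unprotected otherwise.` The same comment should follow the option when it is renamed to `MAIL_VERIFY_SSL` in patch 2/2, and the `'verify_peer'` entry in `app/Config/mail.php` deserves the same one-line note.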
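Review bot: `'verify_peer' => env('MAIL_VERIFY_PEER', true)` in `app/Config/mail.php` hands the mailer whatever string the operator wrote, and nothing in this hunk shows how a value other than `true` or `false` is interpreted. If the consumer coerces it as a boolean, a typo could be read as false and silently turn certificate checks off, which is the unsafe direction for this flag. Consider making the entry fail closed, for example `'verify_peer' => env('MAIL_VERIFY_PEER', true) !== false,`, so only an explicit `false` disables verification. The commit message says the mailer attempts STARTTLS even when `MAIL_ENCRYPTION` is null, so this setting also governs those opportunistic upgrades. The array literal starts and ends outside the hunk.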
From: Dan Brown Date: Sun, 23 Apr 2023 15:04:35 +0100 Subject: [PATCH 2/2] Mail: updated peer verify option name and added test --- .env.example.complete | 2 +- app/Config/mail.php | 2 +- phpunit.xml | 1 + tests/Unit/ConfigTest.php | 23 ++++++++++++++++++++++- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/.env.example.complete b/.env.example.complete index 8c0accf1d..9ce33f58f 100644 --- a/.env.example.complete +++ b/.env.example.complete @@ -79,7 +79,7 @@ MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null -MAIL_VERIFY_PEER=true +MAIL_VERIFY_SSL=true # Command to use when email is sent via sendmail MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs" diff --git a/app/Config/mail.php b/app/Config/mail.php index 6cd5ee28f..87514aa40 100644 --- a/app/Config/mail.php +++ b/app/Config/mail.php @@ -32,7 +32,7 @@ return [ 'encryption' => env('MAIL_ENCRYPTION', 'tls'), 'username' => env('MAIL_USERNAME'), 'password' => env('MAIL_PASSWORD'), - 'verify_peer' => env('MAIL_VERIFY_PEER', true), + 'verify_peer' => env('MAIL_VERIFY_SSL', true), 'timeout' => null, 'local_domain' => env('MAIL_EHLO_DOMAIN'), ], diff --git a/phpunit.xml b/phpunit.xml index 8a526a704..704372c5c 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -27,6 +27,7 @@ + diff --git a/tests/Unit/ConfigTest.php b/tests/Unit/ConfigTest.php index 9966a4fb1..103767516 100644 --- a/tests/Unit/ConfigTest.php +++ b/tests/Unit/ConfigTest.php @@ -3,6 +3,8 @@ namespace Tests\Unit; use Illuminate\Support\Facades\Log; +use Illuminate\Support\Facades\Mail; +use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport; use Tests\TestCase; /** 
@@ -96,11 +98,30 @@ class ConfigTest extends TestCase $this->checkEnvConfigResult('EXPORT_PAGE_SIZE', 'a4', 'snappy.pdf.options.page-size', 'A4'); } - public function test_sendmail_command_is_configurage() + public function test_sendmail_command_is_configurable() { $this->checkEnvConfigResult('MAIL_SENDMAIL_COMMAND', '/var/sendmail -o', 'mail.mailers.sendmail.path', '/var/sendmail -o'); } + public function test_mail_disable_ssl_verification_alters_mailer() + { + $getStreamOptions = function (): array { + /** @var EsmtpTransport $transport */ + $transport = Mail::mailer('smtp')->getSymfonyTransport(); + return $transport->getStream()->getStreamOptions(); + }; + + $this->assertEmpty($getStreamOptions()); + + + $this->runWithEnv('MAIL_VERIFY_SSL', 'false', function () use ($getStreamOptions) { + $options = $getStreamOptions(); + $this->assertArrayHasKey('ssl', $options); + $this->assertFalse($options['ssl']['verify_peer']); + $this->assertFalse($options['ssl']['verify_peer_name']); + }); + } + /** * Set an environment variable of the given name and value * then check the given config key to see if it matches the given result.
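Review bot: `test_mail_disable_ssl_verification_alters_mailer` checks only the default and the literal `'false'`, so nothing pins that any other value keeps verification on. Because this option removes both `verify_peer` and `verify_peer_name`, a fail-closed case is worth adding next to the existing one, for example `$this->runWithEnv('MAIL_VERIFY_SSL', 'true', fn () => $this->assertEmpty($getStreamOptions()));`. A further case with a malformed value would record how the setting is coerced. On style, the two consecutive blank lines before the `runWithEnv` call can be reduced to one.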