From: Trenton H <797416+stumpylog@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:28:36 +0000 (-0700) Subject: Adjusts to use a different loading of certificates and updates the docs for it X-Git-Tag: v1.17.2~1^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df82ac8ac41138752d3fdeb2cd1074b120843a2f;p=thirdparty%2Fpaperless-ngx.git Adjusts to use a different loading of certificates and updates the docs for it --- diff --git a/docs/configuration.md b/docs/configuration.md index 13e6281511..74486660fe 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -503,9 +503,9 @@ HTTP header/value expected by Django, eg `'["HTTP_X_FORWARDED_PROTO", "https"]'` `PAPERLESS_EMAIL_CERTIFICATE_FILE=` -: Configures an additional SSL certificate file containing a [combined key and certificate](https://docs.python.org/3/library/ssl.html#combined-key-and-certificate) file -for validating SSL connections against mail providers. This is for use with self-signed certificates against -local IMAP servers. +: Configures an additional SSL certificate file containing a [certificate](https://docs.python.org/3/library/ssl.html#certificates) +or certificate chain which should be trusted for validating SSL connections against mail providers. +This is for use with self-signed certificates against local IMAP servers. Defaults to None. diff --git a/src/paperless_mail/mail.py b/src/paperless_mail/mail.py index fd66ac91d2..8b41ebacf7 100644 --- a/src/paperless_mail/mail.py +++ b/src/paperless_mail/mail.py @@ -397,7 +397,7 @@ def get_mailbox(server, port, security) -> MailBox: """ ssl_context = ssl.create_default_context() if settings.EMAIL_CERTIFICATE_FILE is not None: # pragma: nocover - ssl_context.load_cert_chain(certfile=settings.EMAIL_CERTIFICATE_FILE) + ssl_context.load_verify_locations(cafile=settings.EMAIL_CERTIFICATE_FILE) if security == MailAccount.ImapSecurity.NONE: mailbox = MailBoxUnencrypted(server, port)