docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon calcom

Emails not send with selfsigned certificate on mailserver and no possibility to disable tls

Open philippkayser opened this issue 1 year ago • 1 comments

Issue Summary

When attempting to send an email from Cal.com using a mail server with a self-signed certificate, the application fails due to TLS validation. The error indicates that the certificate is self-signed and the connection is being rejected. It would be beneficial to provide an option to disable TLS validation, similar to the configuration available in [Nodemailer](https://nodemailer.com/smtp/) using secure: false.

Steps to Reproduce

  1. Configure the application to use a mail server with a self-signed SSL/TLS certificate.
  2. Attempt to send an email (e.g., an invitation or notification email).
  3. Observe the error in the application logs.

Actual Results

  • The application fails to send the email and logs the following error: 
    Error: self-signed certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1070:8)
    at ssl.onhandshakedone (node:_tls_wrap:856:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:128:17) {
      code: 'ESOCKET',
      command: 'CONN'
    }

Expected Results

  • The email should be successfully sent, even if the server uses a self-signed certificate, by bypassing TLS validation when explicitly configured (e.g., using a secure: false option).

Technical Details

Based on latest version from github and dockerhub

Evidence

  • Testing was performed using a self-signed certificate on the mail server.
  • Screenshots or logs showing the error are attached. For instance: 
    calcom-1         | @calcom/web:start: sendEmail from: Cal.com <info@l> subject:  hat Sie eingeladen, dem Team  auf Cal.com beizutreten Error: self-signed certificate
calcom-1         | @calcom/web:start:     at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
  • Network requests and configurations were verified to confirm the root cause of the issue.

Having an option to bypass TLS validation (e.g., secure: false) would resolve this issue and provide flexibility in handling mail servers with self-signed certificates.

philippkayser avatar Nov 22 '24 11:11 philippkayser