fix: check common names

Urko. 2024-08-20 12:02:23 +02:00
parent aca3105039
commit 2dd66cbaac
2 changed files with 3 additions and 7 deletions

2
go.mod

@ -1,6 +1,6 @@
module gitea.urkob.com/urko/emailsender module gitea.urkob.com/urko/emailsender
go 1.21.1 go 1.22.3
require ( require (
github.com/joho/godotenv v1.5.1 github.com/joho/godotenv v1.5.1


@ -52,7 +52,7 @@ func NewInsecure(config MailServiceConfig) *EmailService {
} }
} }
var validCommonNames = []string{"ISRG Root X1", "R3", "DST Root CA X3"} var validCommonNames = []string{"ISRG Root X1", "R3", "E5", "DST Root CA X3"}
func NewSecure(config MailServiceConfig) *EmailService { func NewSecure(config MailServiceConfig) *EmailService {
return &EmailService{ return &EmailService{
@ -98,11 +98,7 @@ func NewSecure(config MailServiceConfig) *EmailService {
if !slices.Contains(validCommonNames, cert.Issuer.CommonName) { if !slices.Contains(validCommonNames, cert.Issuer.CommonName) {
return fmt.Errorf("certificate is not issued by a trusted CA") return fmt.Errorf("certificate is not issued by a trusted CA")
} }
// log.Println("cert.ExtKeyUsage", cert.ExtKeyUsage)
// if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 || len(cert.ExtKeyUsage) == 0 || !slices.Contains(cert.ExtKeyUsage, x509.ExtKeyUsageServerAuth) {
// log.Printf("%+v", cert)
// return fmt.Errorf("certificate cannot be used for server authentication")
// }
if cert.PublicKeyAlgorithm != x509.RSA { if cert.PublicKeyAlgorithm != x509.RSA {
return fmt.Errorf("unsupported public key algorithm") return fmt.Errorf("unsupported public key algorithm")
} }
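Review bot: Adding "E5" to `validCommonNames` in the first hunk probably will not make E5-issued certificates pass, because the unchanged check at the end of the second hunk still rejects every key type except `x509.RSA`. Let's Encrypt's E-series intermediates normally sign ECDSA leaf keys, so if `cert` is the leaf at that point, consider `if cert.PublicKeyAlgorithm != x509.RSA && cert.PublicKeyAlgorithm != x509.ECDSA {`. Separately, the allowlist compares `cert.Issuer.CommonName`, a plain string that any self-made CA can carry, so it only adds value on top of full chain verification against a trusted root pool. That verification, and the rest of the callback inside NewSecure, lie outside the hunks shown, so confirm it runs first and record it with a comment such as `// Issuer CN is unauthenticated on its own; this pin is checked only after chain verification has succeeded.` The deleted commented-out block was the only trace of a server-auth ExtKeyUsage check, so it is worth confirming that the chain verification enforces that usage.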