Stop using insecure deprecated Net::IMAP.new args

This fixes the insecure `verify = false` argument that was previously unconfigurable. Now _any_ SSLContext params can be set on the IMAP connection. The original parameters have been undocumented since ~2007, will print deprecation warnings in the next release and will be removed in a year. Fixes mikel#1586.
nevans · Sep 20, 2023 · 8d57201 · 8d57201
1 parent 10a4443
commit 8d57201
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/lib/mail/network/retriever_methods/imap.rb b/lib/mail/network/retriever_methods/imap.rb
@@ -164,9 +164,13 @@ def start(config=Mail::Configuration.instance, &block)
           raise ArgumentError, ":enable_starttls and :enable_ssl are mutually exclusive. Set :enable_ssl if you're on an IMAPS connection. Set :enable_starttls if you're on an IMAP connection and using STARTTLS for secure TLS upgrade."
         end
 
-        imap = Net::IMAP.new(settings[:address], settings[:port], settings[:enable_ssl], nil, false)
+        ssl      = settings[:enable_ssl]
+        starttls = settings[:enable_starttls]
+        ssl      &&= Hash.try_convert(ssl)      || {}
+        starttls &&= Hash.try_convert(starttls) || {}
 
-        imap.starttls if settings[:enable_starttls]
+        imap = Net::IMAP.new(settings[:address], port: settings[:port], ssl: ssl)
+        imap.starttls(starttls) if starttls
 
         if settings[:authentication].nil?
           imap.login(settings[:user_name], settings[:password])

diff --git a/spec/mail/network/retriever_methods/imap_spec.rb b/spec/mail/network/retriever_methods/imap_spec.rb
@@ -269,6 +269,27 @@
     end
   end
 
+  describe "Implicit SSL" do
+    before do
+      allow(Net::IMAP).to receive(:new).and_call_original
+    end
+
+    it "calls Net::IMAP.new new with ssl keyword arg" do
+      Mail.find
+      expect(Net::IMAP).to have_received(:new)
+        .with("localhost", port: 993, ssl: {})
+    end
+
+    it "passes enable_ssl params to ssl keyword" do
+      Mail.defaults do
+        retriever_method :imap, port: 993, enable_ssl: {ca_file: "etc.ca"}
+      end
+      Mail.find
+      expect(Net::IMAP).to have_received(:new)
+        .with("localhost", port: 993, ssl: {ca_file: "etc.ca"})
+    end
+  end
+
   describe "STARTTLS" do
     before do
       @imap = MockIMAP.new
@@ -280,7 +301,16 @@
         retriever_method :imap, :enable_starttls => true
       end
 
-      expect(@imap).to receive(:starttls)
+      expect(@imap).to receive(:starttls).with({})
+      Mail.find
+    end
+
+    it "passes params to starttls" do
+      Mail.defaults do
+        retriever_method :imap, enable_starttls: {attr1: :val1, attr2: "v2"}
+      end
+
+      expect(@imap).to receive(:starttls).with({attr1: :val1, attr2: "v2"})
       Mail.find
     end