From ad167cb902dda06fdb316905501b4edc42fa00a8 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Thu, 6 Apr 2023 01:07:51 -0700
Subject: [PATCH] Fix SMTP when TLS is disabled

This commit fixes mail sending when TLS is disabled. In Ruby 3.0.5,
net-smtp v0.2.1 enabled TLS by default if the server advertises
STARTTLS support. However, mail v2.7.1 didn't explicitly disable TLS
(https://github.com/mikel/mail/issues/1434), so TLS may be used with
Ruby 3 even if it is disabled. mail v2.8.1 has since fixed this issue
via https://github.com/mikel/mail/pull/1480.

However, mail v2.8.1 has a bug in the logic for retrieving the settings
(https://github.com/mikel/mail/blob/2.8.1/lib/mail/network/delivery_methods/smtp.rb#L114):

```
tls = settings[:tls] || settings[:ssl]
```

If `settings[:tls]` is `false` and `settings[:ssl]` is `nil`, then
the result of `false || nil` is `nil`.

This means that TLS cannot be disabled if `settings[:tls]` is set to
`false`.

To fix this, just add a redundant `ssl` config parameter.

This came out of https://gitlab.com/gitlab-org/gitlab/-/issues/399241.

Changelog: fixed
---
 charts/gitlab/templates/_smtp.tpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/charts/gitlab/templates/_smtp.tpl b/charts/gitlab/templates/_smtp.tpl
index 25fe094075..5c2723ef9d 100644
--- a/charts/gitlab/templates/_smtp.tpl
+++ b/charts/gitlab/templates/_smtp.tpl
@@ -24,6 +24,7 @@ smtp_settings = {
   {{- end }}
   {{- if has .Values.global.smtp.tls (list true false) }}
   tls: {{ .Values.global.smtp.tls }},
+  ssl: {{ .Values.global.smtp.tls }},
   {{- end }}
   {{- if .Values.global.smtp.openssl_verify_mode }}
   openssl_verify_mode: {{ .Values.global.smtp.openssl_verify_mode | quote }}
-- 
GitLab