From f471ccd2c53d693dff95398ffd5e6acb4e196d96 Mon Sep 17 00:00:00 2001
From: Benjamin Franzke <bfr@qbus.de>
Date: Sun, 19 Apr 2020 12:57:56 +0200
Subject: [PATCH] [BUGFIX] Migrate mail SMTP encrypt option for symfony/mailer
compatibility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
SMTP encrypt options were quite a hassle with swiftmailer:
'tls' was used as identifier to start a STARTTLS connection via SMTP
(instead of using SMTPS), while strings like ssl/tlsv1.0/tlsv1.1/tlsv1.2
instructed to use a SSL/TLS connection via SMTPS (without STARTTLS).
symfony/mailer does no longer allow to specify the STARTTLS usage,
as it will use it by default (if the server provides support for it).
Therefore, we now adapt the SMTP encryption configuration setting
via a silent configuration upgrade to avoid that the previous
STARTTLS 'tls' is casted to true while symfony/mailer expects false/null.
While at it, we also fix an incorrect migration for the transport type
'mail'. This wizard didn't work because of a wrong typecast (which has
probably been a copy & paste mistake).
Releases: master
Resolves: #91070
Related: #90295
Change-Id: I7fb1112730fedbbfcdb641c8ce04e17ea925d927
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64246
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Björn Jacob <bjoern.jacob@tritum.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
---
.../DefaultConfigurationDescription.yaml | 2 +-
...Transport_smtp_encryptChangedToBoolean.rst | 29 +++++++++++++++
.../SilentConfigurationUpgradeService.php | 37 ++++++++++++++++++-
3 files changed, 66 insertions(+), 2 deletions(-)
create mode 100644 typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst
diff --git a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
index bc905306a329..1c0239371338 100644
--- a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
+++ b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
@@ -570,7 +570,7 @@ MAIL:
description: '<em>only with transport=smtp</em>: <server:port> of mailserver to connect to. <port> defaults to "25".'
transport_smtp_encrypt:
type: bool
- description: '<em>only with transport=smtp</em>: Connect to the server using a secured transport protocol.'
+ description: '<em>only with transport=smtp</em>: Connect to the server using SSL/TLS (disables STARTTLS which is used by default if supported by the server). Must not be enabled when connecting to port 587, as servers will use STARTTLS (inner encryption) via SMTP instead of SMTPS.'
transport_smtp_username:
type: text
description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
diff --git a/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst
new file mode 100644
index 000000000000..3a9273fa659c
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst
@@ -0,0 +1,29 @@
+.. include:: ../../Includes.txt
+
+=====================================================================================
+Important: #91070 - SMTP transport option 'transport_smtp_encrypt' changed to boolean
+=====================================================================================
+
+See :issue:`91070`
+
+Description
+===========
+
+With https://forge.typo3.org/issues/90295 the allowed value for
+:php:`$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_encrypt']` has been
+changed to a boolean value.
+
+symfony/mailer does no longer allow to specify the `STARTTLS` usage, as it will
+be used by default (if the server provides the needed support).
+
+Therefore, the SMTP encryption configuration setting
+:php:`$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_encrypt']` is
+automatically updated by the install tool's silent configuration upgrade.
+
+The configuration value `(string)tls` is removed to reflect that symfony/mailer
+expects `(bool)false` for `STARTTLS`. Other values like `(string)ssl` are
+converted too `(bool)true`.
+
+No migration is needed at all, as no deprecation is thrown.
+
+.. index:: LocalConfiguration, ext:core
diff --git a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
index 3e51c11a092b..5f076055f158 100644
--- a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
+++ b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
@@ -189,6 +189,7 @@ class SilentConfigurationUpgradeService
$this->migrateSaltedPasswordsSettings();
$this->migrateCachingFrameworkCaches();
$this->migrateMailSettingsToSendmail();
+ $this->migrateMailSmtpEncryptSetting();
// Should run at the end to prevent obsolete settings are removed before migration
$this->removeObsoleteLocalConfigurationSettings();
@@ -1095,7 +1096,7 @@ class SilentConfigurationUpgradeService
{
$confManager = $this->configurationManager;
try {
- $transport = (array)$confManager->getLocalConfigurationValueByPath('MAIL/transport');
+ $transport = $confManager->getLocalConfigurationValueByPath('MAIL/transport');
if ($transport === 'mail') {
$confManager->setLocalConfigurationValueByPath('MAIL/transport', 'sendmail');
$confManager->setLocalConfigurationValueByPath('MAIL/transport_sendmail_command', (string)@ini_get('sendmail_path'));
@@ -1105,4 +1106,38 @@ class SilentConfigurationUpgradeService
// no change inside the LocalConfiguration.php found, so nothing needs to be modified
}
}
+
+ /**
+ * Migrates MAIL/transport_smtp_encrypt to a boolean value
+ * See #91070, #90295, #88643 and https://github.com/symfony/symfony/commit/5b8c4676d059
+ */
+ protected function migrateMailSmtpEncryptSetting()
+ {
+ $confManager = $this->configurationManager;
+ try {
+ $transport = $confManager->getLocalConfigurationValueByPath('MAIL/transport');
+ if ($transport === 'smtp') {
+ $encrypt = $confManager->getLocalConfigurationValueByPath('MAIL/transport_smtp_encrypt');
+ if (is_string($encrypt)) {
+ // SwiftMailer used 'tls' as identifier to connect with STARTTLS via SMTP (as usually used with port 587).
+ // See https://github.com/swiftmailer/swiftmailer/blob/v5.4.10/lib/classes/Swift/Transport/EsmtpTransport.php#L144
+ if ($encrypt === 'tls') {
+ // With TYPO3 v10 the MAIL/transport_smtp_encrypt option is passed as constructor parameter $tls to
+ // Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport
+ // $tls = true instructs to start a SMTPS connection – that means SSL/TLS via SMTPS, not STARTTLS via SMTP.
+ // That means symfony/mailer will use STARTTLS when $tls = false or ($tls = null with port != 465) is passed.
+ // Actually symfony/mailer will use STARTTLS by default now.
+ // Due to the misleading name (transport_smtp_encrypt) we avoid to set the option to false, but rather remove it.
+ // Note: symfony/mailer provides no way to enforce STARTTLS usage, see https://github.com/symfony/symfony/commit/5b8c4676d059
+ $confManager->removeLocalConfigurationKeysByPath(['MAIL/transport_smtp_encrypt']);
+ } else {
+ $confManager->setLocalConfigurationValueByPath('MAIL/transport_smtp_encrypt', true);
+ }
+ $this->throwConfigurationChangedException();
+ }
+ }
+ } catch (MissingArrayPathException $e) {
+ // no change inside the LocalConfiguration.php found, so nothing needs to be modified
+ }
+ }
}
--
GitLab