fix: insecure config

sattvikc · sattvikc · commit 3a16488e93c0 · 2024-02-08T16:48:39.000+05:30
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Adds `TLSConfig` to SMTP settings.
 - `TLSConfig` is always passed to gomail so that it can be used when gomail uses `STARTTLS` to upgrade the connection to TLS. - https://github.com/supertokens/supertokens-golang/issues/392
+- Not setting `InsecureSkipVerify` to `true` in the SMTP settings because it is not recommended to use it in production.
 
 ## [0.17.3] - 2023-12-12
 
diff --git a/ingredients/emaildelivery/main.go b/ingredients/emaildelivery/main.go
@@ -58,11 +58,10 @@ func SendSMTPEmail(settings SMTPSettings, content EmailContent) error {
 	}
 
 	d := gomail.NewDialer(settings.Host, settings.Port, username, settings.Password)
-
 	if settings.TLSConfig != nil {
 		d.TLSConfig = settings.TLSConfig
 	} else {
-		d.TLSConfig = &tls.Config{InsecureSkipVerify: true, ServerName: settings.Host}
+		d.TLSConfig = &tls.Config{ServerName: settings.Host}
 	}
 
 	if settings.Secure {

Original file line number	Diff line number	Diff line change
`@@ -58,11 +58,10 @@ func SendSMTPEmail(settings SMTPSettings, content EmailContent) error {`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`d := gomail.NewDialer(settings.Host, settings.Port, username, settings.Password)`
`61`		`-`
`62`	`61`	`if settings.TLSConfig != nil {`
`63`	`62`	`d.TLSConfig = settings.TLSConfig`
`64`	`63`	`} else {`
`65`		`- d.TLSConfig = &tls.Config{InsecureSkipVerify: true, ServerName: settings.Host}`
	`64`	`+ d.TLSConfig = &tls.Config{ServerName: settings.Host}`
`66`	`65`	`}`
`67`	`66`
`68`	`67`	`if settings.Secure {`