[GH-ISSUE #994] [FEATURE REQUEST] Allow to add a certificate authority for the mail client #359

Open
opened 2026-02-27 08:16:51 +03:00 by kerem · 2 comments

Originally created by @jduepmeier on GitHub (Oct 13, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/994

Motivation
Private mail servers sometimes have certificates signed by a private certificate authority.
It should be possible to configure the authority in the mail options.
This allows a secure connection to the mail servers.

Describe the solution you'd like
Add a parameter `certificate_authority_file` to the mail options which reads the authority from a file and adds it to the TLS config of the connection.
This is only needed for TLS and STARTTLS connections.

Describe alternatives you've considered
TLS can be disabled but this is insecure.

Additional context
There was this issue (https://github.com/lldap/lldap/issues/412) which added the parameter to disable TLS.
The issue mentions the way to add a custom authority (https://github.com/lldap/lldap/issues/412#issuecomment-1374507084).
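
The trust model this request describes, as an added example that is not part of the original issue and not lldap's code: it uses Python's standard library to show a private CA being added to a verifying TLS context for both implicit TLS and STARTTLS, with a bad CA file failing closed. The function names, the mode strings and the 10-second timeout are assumptions; only `certificate_authority_file` comes from the issue.

```python
import smtplib
import ssl
from typing import Optional


def build_mail_tls_context(certificate_authority_file: Optional[str] = None) -> ssl.SSLContext:
    """Return a verifying TLS context for the mail client.

    Without a CA file only the system trust store is used. With one, the
    private CA is trusted as well. An unreadable file, or a file that holds
    no PEM certificate, raises OSError (ssl.SSLError is a subclass), so a bad
    path fails closed and never degrades to an unverified connection.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname checking on
    if certificate_authority_file is not None:
        ctx.load_verify_locations(cafile=certificate_authority_file)
    return ctx


def open_smtp(host: str, port: int, encryption: str,
              certificate_authority_file: Optional[str] = None) -> smtplib.SMTP:
    """Connect using 'TLS' (implicit) or 'STARTTLS'; mode names are hypothetical."""
    ctx = build_mail_tls_context(certificate_authority_file)
    if encryption == "TLS":
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)
    if encryption == "STARTTLS":
        conn = smtplib.SMTP(host, port, timeout=10)
        conn.starttls(context=ctx)  # raises if the server chain does not verify
        return conn
    # Plaintext connections have no TLS config for the CA to be added to.
    raise ValueError("a CA file only applies to TLS and STARTTLS connections")
```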


@nitnelave commented on GitHub (Oct 13, 2024):

Hmm. I see the point, but it's not an issue that will affect most self hosters, it seems more like a company problem.

In addition, I don't have much free development time.

All of that to say: I would review and accept a PR implementing it, but I don't think I'll do it myself.


@nitnelave commented on GitHub (Oct 21, 2024):

I'm not sure we disagree on anything here :)

I didn't say it was difficult, or that I wouldn't do it, just that it doesn't affect most self hosters.

It sounds like you could make an easy PR then?
