mod/notification-email: add setting for certificate verification

doc/mod/notification-email.md

@@ -37,7 +37,9 @@ Also make sure the device has correct time configured, best is to set up
 the ntp client.
 
 Then edit `global-config-overlay`, add `EmailGeneralTo` with a valid
-recipient address. Finally reload the configuration.
+recipient address. Optionally add `EmailServerCertificate` and add the CA
+certificate name if you have certificate verification enabled. Finally
+reload the configuration.
 
 > ℹ️ **Info**: Copy relevant configuration from
 > [`global-config`](../../global-config.rsc) (the one without `-overlay`) to

global-config.rsc

@@ -31,6 +31,8 @@
 :global EmailGeneralCc "";
 #:global EmailGeneralTo "mail@example.com";
 #:global EmailGeneralCc "another@example.com,third@example.com";
+# Add the CA certificate name here for verification.
+:global EmailServerCertificate "";
 
 # You can send Telegram notifications. Register a bot
 # and add the token and chat ids here, then install the module:

global-functions.rsc

@@ -15,7 +15,7 @@
 # Git commit id & info, expected configuration version
 :global CommitId "unknown";
 :global CommitInfo "unknown";
-:global ExpectedConfigVersion 141;
+:global ExpectedConfigVersion 142;
 
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;

mod/notification-email.rsc

@@ -37,7 +37,9 @@
 # flush e-mail queue
 :set FlushEmailQueue do={ :onerror Err {
   :global EmailQueue;
+  :global EmailServerCertificate;
 
+  :global CertificateAvailable;
   :global EitherOr;
   :global EMailGenerateFrom;
   :global FileExists;
@@ -90,6 +92,14 @@
     :return false;
   }
 
+  :if (([ /tool/e-mail/get ]->"certificate-verification") ~ "^yes" && \
+       [ :len $EmailServerCertificate ] > 0) do={
+    :if ([ $CertificateAvailable $EmailServerCertificate "email" ] = false) do={
+      $LogPrint warning $0 ("Downloading required certificate failed.");
+      :return false;
+    }
+  }
+
   /system/scheduler/set interval=($QueueLen . "m") comment="Sending..." \
     [ find where name="_FlushEmailQueue" ];
 

news-and-changes.rsc

@@ -66,6 +66,7 @@
   139="Certificate Authorities will reduce the leaf certificate validity times soon. Thus the defaults for renewal and warning in 'check-certificates' were decreased.";
   140="The scripts 'lease-script' was renamed to 'dhcpv4-server-lease', configuration was updated automatically.";
   141="Introduced script 'dhcpv6-client-lease' to run several scripts on IPv6 DHCP client lease.";
+  142="Added a setting for 'mod/notification-email' to check availability of certificate chain.";
 };
 
 # Migration steps to be applied on script updates