phpmailer and certificates

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
lonestar
Bear Rating Trainee
Bear Rating Trainee
Posts: 5
Joined: 25 Jun 2015, 09:35

phpmailer and certificates

Postby lonestar » 18 Feb 2017, 17:08

Hello,
I have an issue since when phpmailer has been updated recently. Sending articles via email through my own local smtp server fails with:

Code: Select all

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed


I've looked around for the problem and everybody say that PHP 5.6 added checks, that it must be an error in certificate chain in the mail server, bla bla. But everything is ok and TLS checks performed using external verification tools all say that the certificate is fine.

The only possible reason I found is that it's a wildcard certificate, issued for *.mydomain.com while the server name is mail.mydomain.com. I believe it's possible that PHP name peer verification somehow fails in accepting the wildcard certificate as valid for this host.

So the only solution I've found is editing ttrssmailer.php and adding few lines for:

Code: Select all

$this->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false
    )
);


My questions:
does any other have this kind of issue?
and, is this the best way to workaround the issue? Could it be possible to add a built-in option for disabling ssl peer name verification in controversial situations when using smtp?

Thanks,
ciao

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: phpmailer and certificates

Postby fox » 18 Feb 2017, 20:16

>Could it be possible to add a built-in option for disabling ssl peer name verification in controversial situations when using smtp?

no

lonestar
Bear Rating Trainee
Bear Rating Trainee
Posts: 5
Joined: 25 Jun 2015, 09:35

Re: phpmailer and certificates

Postby lonestar » 19 Feb 2017, 13:31

fox wrote:>Could it be possible to add a built-in option for disabling ssl peer name verification in controversial situations when using smtp?

no


kinda felt it coming.
ok, I will re-patch ttrssmailer.php at every update.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: phpmailer and certificates

Postby fox » 19 Feb 2017, 14:06

you can just locally commit your change into git and likely be good for years from now on

lonestar
Bear Rating Trainee
Bear Rating Trainee
Posts: 5
Joined: 25 Jun 2015, 09:35

Re: phpmailer and certificates

Postby lonestar » 20 Feb 2017, 02:35

fox wrote:you can just locally commit your change into git and likely be good for years from now on


oh that's a good suggestion, thank you.


Return to “Support”

Who is online

Users browsing this forum: No registered users and 3 guests