
Try to update smtp->connect() function to enable self-signed server certificates, disable peer (name) validation

Open Qixuga opened this issue 3 years ago • 1 comments

I use your mailer within DokuWiki and the SMTP module:

Some features were missing, so I tried to update the SMTP->connect() function to enable support for

  • self-signed SSL/TLS server certificates
  • disable peer validation
  • disable peer name validation

and other options, but currently it won't work - maybe someone has the same problem as me (small DMZ mail server with self-signed certificate)

```php
// \Mailer\src\Mailer\SMTP.php:196
protected function connect()
{
	$this->logger && $this->logger->debug("Connecting to {$this->host} at {$this->port}");
	/*
	$host = ($this->secure == 'ssl') ? 'ssl://' . $this->host : $this->host;
	$this->smtp = @fsockopen($host, $this->port);
	//set block mode
	//    stream_set_blocking($this->smtp, 1);
	*/
	switch ( $this->secure ) {
		case 'ssl' :
			$host = 'ssl://' . $this->host;
			break;
		case 'tls' :
			$host = 'tls://' . $this->host;
			break;
		default:
			$host = $this->host;
	}
	$hostport = $host.($this->port ? ':' . $this->port : '' );
	$socket_options = array(
		'ssl' => array(
			'verify_peer' => false,
			'verify_peer_name' => false,
			'allow_self_signed' => true,
		)
	);
	$socket_context = stream_context_create($socket_options);
	$errno = '';
	$errstr = '';
	$this->smtp = stream_socket_client($hostport, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);
	if (!$this->smtp){
		//throw new SMTPException("Could not open SMTP Port.");
		throw new SMTPException("Could not open SMTP Host/Port: ".$hostport.". Error:" . $errno . " - " . $errstr . ', '. var_export ( $socket_context, true) . ', ' . var_export($this->smtp, true) );
	}
	$code = $this->getCode();
	if ($code !== '220'){
		throw new CodeException('220', $code, array_pop($this->resultStack));
	}
	return $this;
}
```

I get the following error:

There was an unexpected problem communicating with SMTP: Could not open SMTP Host/Port: tls://:Error:0 - , NULL, false

Documentation stream_socket_client:

If the value returned in error_code is 0 and the function returned false, it is an indication that the error occurred before the connect() call. This is most likely due to a problem initializing the socket.

But I don't know - if I use openssl-cli, the connection is no problem:

openssl s_client -connect <myhost>:<port> -starttls smtp

Can anyone help? Thx!

Qixuga, May 11 '22 18:05

It seems that you can't use 'tls://' in stream_socket_client(), you may try to connect without 'tls://', then enable the crypto, as described in the first comment of this page: https://www.php.net/manual/en/transports.inet.php

I see the SMTP.php already has starttls() function to enable the crypto, so you can just connect without 'tls://'.

lainme, Mar 23 '23 16:03
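
The approach suggested in the comment above (connect in plain text, then enable crypto after STARTTLS), as an added example that is not part of this thread or of the Mailer library. Instead of switching verification off, it trusts the self-signed certificate through the `cafile` context option; the function name `smtpStartTls`, the PEM file path and the EHLO name are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the Mailer library.
// Assumption: $caFile is a PEM copy of the mail server's self-signed certificate.
function smtpStartTls(string $host, int $port, string $caFile, string $ehloName = 'localhost')
{
    // Keep verification on and pin trust to the one certificate we expect.
    $context = stream_context_create([
        'ssl' => [
            'verify_peer'      => true,
            'verify_peer_name' => true,
            'cafile'           => $caFile,
            'peer_name'        => $host, // name that must appear in the certificate
        ],
    ]);

    // Plain TCP first: a STARTTLS port speaks cleartext until asked to upgrade.
    $errno = 0;
    $errstr = '';
    $smtp = stream_socket_client("tcp://{$host}:{$port}", $errno, $errstr, 30,
        STREAM_CLIENT_CONNECT, $context);
    if ($smtp === false) {
        throw new RuntimeException("Connect to {$host}:{$port} failed: [{$errno}] {$errstr}");
    }

    // Read one (possibly multi-line) reply and check its status code.
    $expect = function (string $code) use ($smtp): void {
        do {
            $line = fgets($smtp, 515);
            if ($line === false) {
                throw new RuntimeException("Connection closed while waiting for {$code}");
            }
        } while (isset($line[3]) && $line[3] === '-'); // "250-" means more lines follow
        if (substr($line, 0, 3) !== $code) {
            throw new RuntimeException("Expected {$code}, got: " . trim($line));
        }
    };

    $expect('220');
    fwrite($smtp, "EHLO {$ehloName}\r\n"); $expect('250');
    fwrite($smtp, "STARTTLS\r\n");         $expect('220');

    // Upgrade the existing socket; the 'ssl' options from $context are applied here.
    if (stream_socket_enable_crypto($smtp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        fclose($smtp);
        throw new RuntimeException('TLS handshake or certificate verification failed');
    }
    fwrite($smtp, "EHLO {$ehloName}\r\n"); $expect('250'); // EHLO again after TLS
    return $smtp;
}
```

With `verify_peer` left on, a server presenting any certificate other than the one in `$caFile` fails the handshake instead of being silently accepted.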