CodeIgniter Forums
Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE)



Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Rômulo Rocha - 12-23-2014

As you guys may know, PHP 5.6 has gone through some important changes that CodeIgniter 2 hasn't been adapted to. Though I had only one single PHP command line to change (I may not recall what it was) in a CI system file, now I am stuck with a bug I found in the Email Class when sending messages via SMTP (using Google server).

Apparently, PHP 5.6 has some OpenSSL changes:
Quote: "All encrypted client streams now enable peer verification by default. By default, this will use OpenSSL's default CA bundle to verify the peer certificate. In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles." - OpenSSL changes in PHP 5.6.x (PHP Manual)

The documentation recommends setting verify_peer and verify_peer_name to FALSE for SSL verification. However, I don't know how to implement that when it comes to fsockopen. The Email Class has the following function:

Code:
protected function _smtp_connect()
{
    $ssl = NULL;
    if ($this->smtp_crypto == 'ssl')
        $ssl = 'ssl://';
    $this->_smtp_connect = fsockopen($ssl.$this->smtp_host,
                                    $this->smtp_port,
                                    $errno,
                                    $errstr,
                                    $this->smtp_timeout);
    if ( ! is_resource($this->_smtp_connect))
    {
        $this->_set_error_message('lang:email_smtp_error', $errno." ".$errstr);
        return FALSE;
    }
    $this->_set_error_message($this->_get_smtp_data());
    if ($this->smtp_crypto == 'tls')
    {
        $this->_send_command('hello');
        $this->_send_command('starttls');
        stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    }
    return $this->_send_command('hello');
}

Do you guys have any idea of how I should implement this function for PHP 5.6? I'll keep trying it out. Basically, the SSL error message I get is:
Quote: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed



RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Rufnex - 12-23-2014

Have you tried to set an option after you opened a socket connection?

PHP Code:
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer', fals);



RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Rômulo Rocha - 12-29-2014

(12-23-2014, 01:39 PM)Rufnex Wrote: Have you tried to set an option after you opened a socket connection?

PHP Code:
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer', fals);

I just tried it out and it did not work. :(


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Rufnex - 12-30-2014

Oops... have you seen the typo? At the end it should be "false".


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - kamikaze - 01-05-2015

Hi guys.
I tried to do that like @Rufnex, and added these other options above.

Code:
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_host', FALSE);
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer_name', FALSE);
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer', FALSE);

But it didn't work...


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Avenirer - 01-06-2015

That error is related to the firewall settings of your server... I think... and not to CodeIgniter.


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - kamikaze - 01-07-2015

@Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solved this problem, and I wrote about it in this post on my blog: here [PT-BR]
It's a simple problem with the openssl.cafile setting in php.ini (PHP 5.6+)

(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.



RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Rufnex - 01-08-2015

@kamikaze: can you translate your blog post into English?


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - Avenirer - 01-08-2015

(01-07-2015, 03:43 PM)kamikaze Wrote: @Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solved this problem, and I wrote about it in this post on my blog: here [PT-BR]
It's a simple problem with the openssl.cafile setting in php.ini (PHP 5.6+)


(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.

So, was I right? It was a problem with the firewall and the ports?


RE: Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE) - DenilsonPereira - 05-15-2020

(01-08-2015, 02:14 AM)Avenirer Wrote:
(01-07-2015, 03:43 PM)kamikaze Wrote: @Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solved this problem, and I wrote about it in this post on my blog: here [PT-BR]
It's a simple problem with the openssl.cafile setting in php.ini (PHP 5.6+)


(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.

So, was I right? It was a problem with the firewall and the ports?

I solved this problem:

Edit the file System/libraries/Email.php

In function _smtp_connect, change fsockopen to stream_socket_client:

Code:
// Create an SSL context with peer and host-name verification switched off
$context = stream_context_create([
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false
    ]
]);

// Connect with stream_socket_client so the context can be passed in
$this->_smtp_connect = stream_socket_client($ssl.$this->smtp_host.':'.$this->smtp_port,
                                            $errno,
                                            $errstr,
                                            $this->smtp_timeout,
                                            STREAM_CLIENT_CONNECT,
                                            $context);
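
Added example (not part of the thread and not CodeIgniter's own code): the same stream_socket_client call with verification left on, using the CA bundle that the openssl.cafile setting mentioned earlier in the thread points to. The fallback bundle path, the script name and the command-line host and port arguments are assumptions for illustration.

```php
<?php
// Added example, not CodeIgniter code. The fallback bundle path and the
// command-line host/port arguments are assumptions for illustration.

// Return the first readable CA bundle PHP would use, or NULL if none exists.
function find_ca_bundle(array $extra = [])
{
    $loc = openssl_get_cert_locations();            // available since PHP 5.6
    $candidates = array_merge([$loc['ini_cafile'], $loc['default_cert_file']], $extra);
    foreach ($candidates as $path) {
        if (is_string($path) && $path !== '' && is_readable($path)) {
            return $path;
        }
    }
    return NULL;
}

// Open an ssl:// SMTP connection with certificate and host-name checks left on.
// The context must exist before connecting: with ssl:// the handshake happens
// inside the connect call, so options set on the socket afterwards come too late.
function smtp_connect_verified($host, $port, $cafile, $timeout = 5)
{
    $context = stream_context_create(['ssl' => [
        'verify_peer'      => TRUE,
        'verify_peer_name' => TRUE,   // name is taken from $host in the URL
        'cafile'           => $cafile,
    ]]);
    $socket = stream_socket_client('ssl://'.$host.':'.$port, $errno, $errstr,
                                   $timeout, STREAM_CLIENT_CONNECT, $context);
    if ( ! is_resource($socket)) {
        throw new RuntimeException("TLS connect to $host:$port failed: $errno $errstr");
    }
    return $socket;
}

$bundle = find_ca_bundle(['/etc/ssl/certs/ca-certificates.crt']);   // assumed path
if ($bundle === NULL) {
    fwrite(STDERR, "No readable CA bundle: set openssl.cafile in php.ini\n");
    exit(1);
}
echo "CA bundle: $bundle\n";

// Optional live check: php check_smtp_tls.php <host> <port>
if (isset($argv[1], $argv[2])) {
    $smtp = smtp_connect_verified($argv[1], (int) $argv[2], $bundle);
    echo fgets($smtp, 512);                          // SMTP greeting line
    fclose($smtp);
}
```

Run without arguments, it only reports which CA bundle PHP can read; an empty result is the condition that produces the "certificate verify failed" error quoted in the first post.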