Welcome Guest, Not a member yet? Register   Sign In
Email Class SSL verification bug on PHP 5.6 (SSL3_GET_SERVER_CERTIFICATE)
#1

As you guys may know, PHP 5.6 version has gone into some important changes that Codeigniter 2 haven't been adapted to. Though I had only one single PHP command line to change (I may not recall what it was) in a CI system file, now I am stuck with a bug I found on Email Class to send messages via SMTP (using Google server).

Apparently, PHP 5.6 has some OpenSSL changes:
Quote:"All encrypted client streams now enable peer verification by default. By default, this will use OpenSSL's default CA bundle to verify the peer certificate. In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles." - OpenSSL changes in PHP 5.6.x (PHP Manual)

The documentation recommend to set verify_peer and verify_peer_name to FALSE for SSL verification. However, I don't know how to implement that when it comes to fsockopen. The Email Class has the following function:

Code:
protected function _smtp_connect()
{
    $ssl = NULL;
    if ($this->smtp_crypto == 'ssl')
        $ssl = 'ssl://';
    $this->_smtp_connect = fsockopen($ssl.$this->smtp_host,
                                    $this->smtp_port,
                                    $errno,
                                    $errstr,
                                    $this->smtp_timeout);
    if ( ! is_resource($this->_smtp_connect))
    {
        $this->_set_error_message('lang:email_smtp_error', $errno." ".$errstr);
        return FALSE;
    }
    $this->_set_error_message($this->_get_smtp_data());
    if ($this->smtp_crypto == 'tls')
    {
        $this->_send_command('hello');
        $this->_send_command('starttls');
        stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    }
    return $this->_send_command('hello');
}

Do you guys have any idea of how I should implement this function for PHP 5.6? I'll keep trying it out. Basically, the SSL message error I get is:
Quote:fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Reply
#2

Have you tried to set an option after you opend a socket connection?

PHP Code:
stream_context_set_option($this->_smtp_connect'ssl''verify_peer'fals); 

Reply
#3

(12-23-2014, 01:39 PM)Rufnex Wrote: Have you tried to set an option after you opend a socket connection?


PHP Code:
stream_context_set_option($this->_smtp_connect'ssl''verify_peer'fals); 

I just tried it out and did not work. Sad
Reply
#4

Ups .. have you seen the typo? .. at the end it should be "false".

Reply
#5

Hi guys.
I try do that like @Rufnex, and add this other option above.

Code:
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_host', FALSE);
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer_name', FALSE);
stream_context_set_option($this->_smtp_connect, 'ssl', 'verify_peer', FALSE);

But didn't work...
Reply
#6

That error is related to the firewall settings of your server... I think... and not to CodeIgniter.
Reply
#7
Wink 
(This post was last modified: 01-07-2015, 08:04 PM by kamikaze.)

@Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solve this problem, and I wrote about in this post on my blog at: here [PT-BR]
Its a simple problem about openssl.cafile set on php.ini (PHP 5.6+)

(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.
Reply
#8

@kamikaze: can you translate your blogpost into english?

Reply
#9

(01-07-2015, 03:43 PM)kamikaze Wrote: @Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solve this problem, and I wrote about in this post on my blog at: here [PT-BR]
Its a simple problem about openssl.cafile set on php.ini (PHP 5.6+)


(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.

So, was I right? It was a problem with the firewall and the ports?
Reply
#10

(01-08-2015, 02:14 AM)Avenirer Wrote:
(01-07-2015, 03:43 PM)kamikaze Wrote: @Avenirer Could you be more specific?

@Rômulo and @Rufnex, I solve this problem, and I wrote about in this post on my blog at: here [PT-BR]
Its a simple problem about openssl.cafile set on php.ini (PHP 5.6+)


(01-06-2015, 01:45 AM)Avenirer Wrote: That error is related to the firewall settings of your server... I think... and not to CodeIgniter.

So, was I right? It was a problem with the firewall and the ports?

I get solve this problem :

Edit File System/libraries/Email.php 

function _smtp_connect
change fsockopen to stream_socket_client
$context = stream_context_create([
            'ssl' => [
                'verify_peer' => false,
                'verify_peer_name' => false
            ]
        ]);



$this->_smtp_connect = stream_socket_client($ssl.$this->smtp_host . ':' 
                                        . $this->smtp_port,
                                        $errno,
                                        $errstr,
                                        $this->smtp_timeout,STREAM_CLIENT_CONNECT, $context);
Reply




Theme © iAndrew 2016 - Forum software by © MyBB