NotionCommotion Posted September 6, 2016 Share Posted September 6, 2016 (edited) I recently upgraded from PHP5.5 to PHP5.6. I just noticed that PHPMailer is no longer working, and I get the following error: An error occurred in script '/var/www/application/classes_3rd/PHPMailer/class.smtp.php' on line 344: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (error no: 2). According to https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting: PHP 5.6 certificate verification failureIn a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this: Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended: $mail->SMTPOptions = array('ssl' => array('verify_peer' => false,'verify_peer_name' => false,'allow_self_signed' => true)); You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons. Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings. I have made the hack fix and it works, however, I would like to do it right and make sure SSL is configured correctly. When testing my URI on https://www.sslshopper.com/ssl-checker.html, it shows all green. Don't know if it matters, but I have a wildcard certificate (i.e. variable.fixed.example.com for any "variable"). My PHPMailer version is 5.2.12. variable.fixed.example.com resolves to 123.456.789.123 Server Type: Apache/2.2.15 (CentOS) The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed). The certificate was issued by StartCom. Write review of StartCom The certificate will expire in 148 days. The hostname (variable.fixed.example.com) is correctly listed in the certificate. Common name: fixed.example.com SANs: fixed.example.com, example.com, *.fixed.example.com Organization: Michael Reed Location: Bothell, Washington, US Valid from February 1, 2015 to February 1, 2017 Serial Number: xxx(0xxxx) Signature Algorithm: sha256WithRSAEncryption Issuer: StartCom Class 2 Primary Intermediate Server CA Common name: StartCom Class 2 Primary Intermediate Server CA Organization: StartCom Ltd. Location: IL Valid from October 24, 2007 to October 24, 2017 Serial Number: 27 (0x1b) Signature Algorithm: sha256WithRSAEncryption Issuer: StartCom Certification Authority Any recommendations? Thank you Edited September 6, 2016 by NotionCommotion Quote Link to comment https://forums.phpfreaks.com/topic/302091-error-with-stream_socket_enable_crypto/ Share on other sites More sharing options...
kicken Posted September 6, 2016 Share Posted September 6, 2016 That site only checks your HTTP setup. PHPMailer is concerned with your SMTP setup, which generally just comes pre-configured with a self-signed certificate which will fail verifications due to it not being from a trusted source. What you need to do is configure your mail server software to use a certificate from a trusted authority. The certificate's host name needs to match that of your mail server's name. So if your mail server is mail.example.com you need a certificate for mail.example.com Quote Link to comment https://forums.phpfreaks.com/topic/302091-error-with-stream_socket_enable_crypto/#findComment-1537129 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.