Problem/Motivation

We had a use case where skipping cert verification was needed when using TLS. The client's SMTP server had a certificate which the server could not verify.

The error we were getting was:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Proposed resolution

According to https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#updating-ca-... newer versions of the library can pass
options to the connection method.

Not sure if this is the approach we want, but here is a patch that brings in that part of the library. It's passed in as a Drupal variable and not configurable via Ui (not sure if that would make sense).

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
smtp_stream_context_options.patch2.73 KBPrimsi
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Primsi created an issue. See original summary.

Status: Needs review » Needs work

The last submitted patch, smtp_stream_context_options.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

skylord’s picture

skylord CreditAttribution: skylord commented

Thanks, works OK for me. Example drush command to set appropriate context options:
drush ev 'variable_set("smtp_stream_context_options", array("ssl" => array("verify_peer" => false, "verify_peer_name" => false, "allow_self_signed" => true)))'

finne’s picture

finne
Primary language Dutch
Location Amsterdam
CreditAttribution: finne at Noctilaris commented

This worked for me too. ++

skylord’s picture

skylord CreditAttribution: skylord commented
Status: Needs work » Closed (duplicate)

Was solved in 1.8, see #2566561: PHP 5.6 SSL operation failed with code 1