SMTP notifications validating SSL when option disabled
The function send_smtp_message in etc/inc/notices.inc will try to verify the SSL certificate, even though the Validate SSL/TLS option is disabled in System -> Advanced -> Notifications.
This results in the error:
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /usr/local/share/pear/Net/Socket.php on line 159
And the notification is not sent.
The default php ssl context options are verify_peer = true and verify_peer_name = true.
When sslvalidate is disabled in the config, the send_smtp_message code only sets verify_peer_name to false. verify_peer is still true.
verify_peer is defined as "Require verification of SSL certificate used"
Adding verify_peer=false to the socket_options when sslvalidate is disabled resolves the error and the notification is sent.
Updated by Viktor Gurov over 3 years ago
- Category set to Notifications