Bug #5604

SSL/TLS SMTP notifications not working

Added by Ivor Kreso over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Category: Notifications
Target version:
Start date: 12/05/2015
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.3
Affected Architecture: All

Description

On the latest snapshot SMTP notifications are not working. System log shows:

/system_advanced_notifications.php: Could not send the message to -- Error: could not connect to the host "smtp.domain.com": ??

Associated revisions

Revision b97c7ee5 (diff)
Added by Renato Botelho over 3 years ago

Update smtp class to latest version, fixes #5604

- SMTP class from
http://www.phpclasses.org/package/14-PHP-Sends-e-mail-messages-via-SMTP-protocol.html
- Adapt code to current version, only change was tls parameter became
start_tls

Revision 2cb37fa6 (diff)
Added by Renato Botelho over 3 years ago

Silence stream_socket_enable_crypto() warning when CN doesn't match. Fixes #5604

History

#1 Updated by Ivor Kreso over 3 years ago

  • Assignee deleted (Jim Pingle)

#2 Updated by Chris Buechler over 3 years ago

It has bidirectional with gmail on 465 when trying to send a notification, but fails to send anything.

#3 Updated by Jim Pingle over 3 years ago

Works for me on 25 with no auth.

SSL verification failing perhaps?

#4 Updated by Ivor Kreso over 3 years ago

I don't think so, settings were not changed prior to the update. I got "Firmware upgrade in progress..." email on 2.2.5, but upon reboot I did not get any email.

#5 Updated by Ivor Kreso over 3 years ago

I've just verified the settings with another 2.2.5 box using the same settings, no issues there. It's definitely something with 2.3 that's preventing SMTP notifications.

#6 Updated by Jim Pingle over 3 years ago

No, not user/pass auth - just SSL certificate verification.

It works for me on mail servers I can access if I use:
  • No auth via port 25 (from an IP I can relay through)
  • Plain auth on port 587 (no encryption)

If it fails for you with either "SMTP over SSL/TLS" or "STARTTLS" checked in the GUI that would suggest a problem in the SSL certificate negotiation or verification. We've enabled a lot more of those things on 2.3, the mail library that's in use might need a nudge toward /etc/ssl/cert.pem or some other similar adjustment, and perhaps a checkbox to disable verification in the GUI.

#7 Updated by Jim Thompson over 3 years ago

  • Assignee set to Renato Botelho

#8 Updated by Kill Bill over 3 years ago

Jim P wrote:

and perhaps a checkbox to disable verification in the GUI.

I'd say any verification should be just disabled by default. The vast majority of mailservers have either self-signed, crappy, non-matching or even expired certificates.

#9 Updated by Doug Dimick over 3 years ago

It fails using gmail's smtp server, I tried both SSL and STARTTLS. My guess is that it isn't due to a bad server cert.

#10 Updated by Chris Buechler over 3 years ago

  • Subject changed from SMTP notifications not working to SSL/TLS SMTP notifications not working
  • Status changed from New to Confirmed

It is because of certificate validation failures. PHP 5.6 openssl enabled verification by default, it was disabled for notifications previously. Looks like gmail's cert should validate though, seems it's somehow missing ca_root_nss.

#11 Updated by Chris Buechler over 3 years ago

Still missing something after setting openssl.cafile in php.ini.

#12 Updated by Renato Botelho over 3 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#13 Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Assigned

It appears to work fine now when the SSL certificate validates. When it doesn't, however, a PHP error occurs:

Starting TLS cryptograpic protocol

Warning: stream_socket_enable_crypto(): Peer certificate CN=`www.example.com' did not match expected CN=`192.0.2.22' in /etc/inc/smtp.inc on line 1269

Call Stack:
    0.0001     238824   1. {main}() /usr/local/www/system_advanced_notifications.php:0
    0.2545    2086080   2. notify_via_smtp() /usr/local/www/system_advanced_notifications.php:212
    0.2661    2086544   3. send_smtp_message() /etc/inc/notices.inc:333
    0.2665    2117048   4. smtp_class->SendMessage() /etc/inc/notices.inc:392
    0.2665    2117688   5. smtp_class->Connect() /etc/inc/smtp.inc:1845
    0.4152    2130512   6. stream_socket_enable_crypto() /etc/inc/smtp.inc:1269

Cert CN/server IP changed but the rest of the error is verbatim.
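
The three outcomes discussed in this ticket (no CA bundle available to the client as in #10, a trusted certificate whose name does not match the address being connected to as in #13, and a clean validation) reproduced offline as an added example; it is not part of the ticket or of pfSense's code. It uses Python's ssl module rather than the PHP smtp class, assumes the openssl command-line tool is on PATH to create a constructed self-signed certificate, and its function names are hypothetical.

```python
import os, ssl, subprocess, tempfile

def make_cert(tmpdir, name="www.example.com"):
    """Constructed fixture: self-signed certificate for `name` (needs openssl CLI)."""
    crt, key = os.path.join(tmpdir, "crt.pem"), os.path.join(tmpdir, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-keyout", key, "-out", crt, "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:" + name],
                   check=True, capture_output=True)
    return crt, key

def try_handshake(crt, key, connect_name, cafile=None):
    """In-memory TLS handshake; returns 'ok' or the client's verification error."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(crt, key)
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # chain + name checks on
    if cafile:
        client_ctx.load_verify_locations(cafile)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=connect_name)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [(client, c_out, s_in), (server, s_out, c_in)]
    for _ in range(10):  # a few round trips are enough for TLS 1.2 or 1.3
        for item in list(pending):
            side, out, peer_in = item
            try:
                side.do_handshake()
                pending.remove(item)
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next flight
            except ssl.SSLCertVerificationError as err:
                return err.verify_message
            peer_in.write(out.read())  # deliver whatever this side produced
        if not pending:
            return "ok"
    return "handshake did not complete"

def run_cases():
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_cert(d)
        return [
            try_handshake(crt, key, "www.example.com"),              # no CA bundle
            try_handshake(crt, key, "192.0.2.22", cafile=crt),       # name mismatch
            try_handshake(crt, key, "www.example.com", cafile=crt),  # validates
        ]

if __name__ == "__main__":
    for result in run_cases():
        print(result)
```

Both failures go away once the client is given the right trust anchor and the name the certificate was issued for, with verification left enabled.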

#14 Updated by Renato Botelho over 3 years ago

  • Status changed from Assigned to Feedback

#15 Updated by Renato Botelho over 3 years ago

  • Status changed from Feedback to Resolved
