Diagnostics Email Error with PHP 5.6.11

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Nirjonadda
    Member
    • Dec 2011
    • 65
    • 4.2.X

    Diagnostics Email Error with PHP 5.6.11

    I am getting error to email sending with PHP 5.6.11, No issue with PHP 5.5.27. Please let me fix on this issue.

    Issue here : http://tracker.vbulletin.com/browse/VBIV-16117

    ------------------------------------------
    The mailing function returned an error while trying to send the mail.
    The following errors were outputted by PHP when attempting to send mail:
    PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in ..../includes/class_mail.php on line 757
    PHP Warning: fsockopen(): Failed to enable crypto in ..../includes/class_mail.php on line 757
    PHP Warning: fsockopen(): unable to connect to ssl://na.nirmoladda.com:465 (Unknown error) in ..../includes/class_mail.php on line 757
    PHP User Warning: Unable to connect to SMTP server in ..../includes/class_mail.php on line 716
    Attached Files
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2
    This is the key part:
    Unable to connect to SMTP server

    Check the smtp server details and credentials in the AdminCP.

    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • Nirjonadda
      Member
      • Dec 2011
      • 65
      • 4.2.X

      #3
      Yes, smtp server details and credentials in the AdminCP are OK, This issue only happen with PHP 5.6.11, I does not get any issue with PHP 5.5.27

      Comment

      • kh99
        Senior Member
        • Aug 2009
        • 533

        #4
        I think the problem is described here: http://php.net/manual/en/migration56.openssl.php . Basically, the default setting was changed to require verifying the SSL certificate, which requires a certificate file (actually, it's a "CA bundle"). So if your php doesn't have one set up it will fail.

        One way to fix it would be to explicitly set the location of the file when the connection is opened. A CA bundle file already exists in the paymentapi folder, so you could make this change to includes/class_mail.php (around line 755).

        Find this:
        PHP Code:
                if ($send_mail)
                {
                    
        $this->smtpSocket fsockopen($stream $this->smtpHost$this->smtpPort$errno$errstr30);

                    if (
        $this->smtpSocket)
                    { 
        and change it to this:
        PHP Code:
                if ($send_mail)
                {
                    
        // Change to specify the location of a CA bundle file
                    // The next line was commented out
                    //$this->smtpSocket = fsockopen($stream . $this->smtpHost, $this->smtpPort, $errno, $errstr, 30);
                    // Start of added code
                    
        $opts = array('ssl' => array('cafile' => DIR '/includes/paymentapi/ca-bundle.crt'));
                    
        $context stream_context_create($opts);
                    
        $this->smtpSocket stream_socket_client($stream $this->smtpHost ':' $this->smtpPort$errno$errstr30STREAM_CLIENT_CONNECT$context);
                     
        // end of added code

                    
        if ($this->smtpSocket)
                    { 

        Edit: ...but just to be clear, the problem can be solved by making a code change but it's not really a code problem or a bug. Your server really should be set up to find a default CA bundle file (as Paul M explained below).
        Last edited by kh99; Sun 19 Jul '15, 10:37am.

        Comment

        • Paul M
          Former Lead Developer
          vB.Com & vB.Org
          • Sep 2004
          • 9886

          #5
          This is really a set-up issue on the server, there are two new php.ini settings in php 5.6.x related to this ;
          • openssl.cafile

          The biggest impediment to secure peer verification is the lack of a CA file for name verification. By exposing a php.ini directive specifying a global CA file users/distros can eliminate the need for stream contexts to achieve secure peer verification. This global php.ini directive simplifies the process of specifying CA files in custom environments. This value should be left empty when using distros that supply a PHP version built against their own pre-compiled OpenSSL lib. Essentially, this directive is a convenience for power-users. If you are unsure of whether or not you need to specify a value for this directive then the answer is very likely, “No.”
          • openssl.capath

          The openssl.capath directive should remain empty unless users wish to explicitly avoid specifying their own custom hashed certificate directory path on each encrypted stream connection. The directive exists solely as a convenience for these users and as such can safely be left empty or unspecified both in development and production environments. Its use corresponds to the “capath” ssl stream context option and exists for power-users. If you are unsure of whether or not you need to specify a value for this directive then the answer is very likely, “No.”

          (https://wiki.php.net/rfc/tls-peer-verification)
          Baby, I was born this way

          Comment

          • Nirjonadda
            Member
            • Dec 2011
            • 65
            • 4.2.X

            #6
            If this server issue, why i am not getting any error with PHP 5.5.27? Only this error come with PHP 5.6.11

            Comment

            • Mark.B
              vBulletin Support
              • Feb 2004
              • 24286
              • 6.0.X

              #7
              Originally posted by Nirjonadda
              If this server issue, why i am not getting any error with PHP 5.5.27? Only this error come with PHP 5.6.11
              Please see Paul's post above.
              MARK.B
              vBulletin Support
              ------------
              My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
              My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

              Comment

              • kh99
                Senior Member
                • Aug 2009
                • 533

                #8
                Originally posted by Nirjonadda
                If this server issue, why i am not getting any error with PHP 5.5.27? Only this error come with PHP 5.6.11
                Well, "server issue" in this case means the php configuration, and the problem is triggered by a change in PHP5.6.

                It looks like openssl.cafile should work in an htaccess file (in the forum root directory). So instead of making a code change, (and assuming you don't have any other way to set up a default cert file), I think you really just need to put
                Code:
                php_value openssl.cafile path
                in your htaccess file (changing 'path' to the actual path to a ca bundle file). But I haven't tested this myself.
                Last edited by kh99; Sun 19 Jul '15, 2:36pm.

                Comment

                • Paul M
                  Former Lead Developer
                  vB.Com & vB.Org
                  • Sep 2004
                  • 9886

                  #9
                  Originally posted by Nirjonadda
                  If this server issue, why i am not getting any error with PHP 5.5.27? Only this error come with PHP 5.6.11
                  Your question answers itself, its a change in php 5.6 compared to php 5.5.

                  Baby, I was born this way

                  Comment

                  • Nirjonadda
                    Member
                    • Dec 2011
                    • 65
                    • 4.2.X

                    #10
                    If this issue with php 5.6 then how to change to server setting for php 5.6?

                    Comment

                    Related Topics

                    Collapse

                    Working...