
I tried this with no success: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#certificate-verification-failure

My local env (for development):
Ubuntu 20.04
Xampp 7.4 => Apache/2.4.52 (Unix) OpenSSL/1.1.1m PHP/7.4.27 mod_perl/2.0.11 Perl/v5.32.1

If I do this, it's working fine, but this is only a bypass of the problem:

// Workaround only: turns off certificate verification for the SMTP connection.
$mail->SMTPOptions = [
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
    ],
];

What could it be? Any help or pointers would be really appreciated.

Debug log (over ssl):

2022-05-15 05:22:55 Connection: opening to ssl://xxxxxxxxxx.com:465, timeout=300, options=array()
2022-05-15 05:22:56 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/opt/lampp/htdocs/testsite/testsite/vendor/phpmailer/phpmailer/src/SMTP.php line 389]
2022-05-15 05:22:56 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [/opt/lampp/htdocs/testsite/testsite/vendor/phpmailer/phpmailer/src/SMTP.php line 389]
2022-05-15 05:22:56 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://xxxxxxxxxx.com:465 (Unknown error) [/opt/lampp/htdocs/testsite/testsite/vendor/phpmailer/phpmailer/src/SMTP.php line 389]
2022-05-15 05:22:56 SMTP ERROR: Failed to connect to server: (0)
SMTP Error: Could not connect to SMTP host.
Message could not be sent. Mailer Error: SMTP Error: Could not connect to SMTP host.

Debug log (over tls):

2022-05-15 16:02:34 Connection: opening to xxxxxxxx.com:587, timeout=300, options=array()
2022-05-15 16:02:39 Connection: opened
2022-05-15 16:02:39 SERVER -> CLIENT: xxxxxwebhost.com ESMTP Exim 4.94.2 #2 Sun, 15 May 2022 12:02:39 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2022-05-15 16:02:39 CLIENT -> SERVER: EHLO test.localhost
2022-05-15 16:02:39 SERVER -> CLIENT: xxxxxwebhost.com Hello test.localhost [my ip adress]250-SIZE 52428800250-8BITMIME250-PIPELINING250-PIPE_CONNECT250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2022-05-15 16:02:39 CLIENT -> SERVER: STARTTLS
2022-05-15 16:02:40 SERVER -> CLIENT: 220 TLS go ahead
2022-05-15 16:02:40 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/opt/lampp/htdocs/testsite/testsite/vendor/phpmailer/phpmailer/src/SMTP.php line 468]
SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022-05-15 16:02:40 CLIENT -> SERVER: QUIT
2022-05-15 16:02:40 Connection: closed
SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Message could not be sent. Mailer Error: SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
      

I found out what was the problem.

If you are using PHP as an Apache module and using the PHPINIDir for your vhost, then you might face this problem as well.

Doing so, the default configuration (php.ini) file wasn't loaded (where I did put: openssl.cafile = /etc/ssl/cacert.pem, ...)

Solution

Put this into 'index.php' on your vhosted site (where you are using PHPmailer):
<?php phpinfo(); ?>

Then find the line: Loaded Configuration File
This is where you need to put the path of your CA bundle.
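
To run the same check from inside the affected vhost, this added example (not part of the original post and not PHPMailer code) reports which php.ini the web SAPI loaded, which CA bundle PHP will use, and whether a handshake succeeds with verification left on. The `$host` and `$port` values are placeholders to replace with your own SMTP server.

```php
<?php
// Added diagnostic, not PHPMailer code. Serve it from the same vhost as the
// mailer script: the Apache module and the CLI can load different php.ini files.
$host = 'smtp.example.com'; // placeholder (assumption): your SMTP host
$port = 465;                // implicit TLS, the "ssl://" case in the debug log

header('Content-Type: text/plain');

// 1. Which configuration did this SAPI actually load?
echo 'SAPI:              ', PHP_SAPI, "\n";
echo 'Loaded php.ini:    ', php_ini_loaded_file() ?: '(none)', "\n";
echo 'openssl.cafile:    ', ini_get('openssl.cafile') ?: '(not set)', "\n";
echo 'openssl.capath:    ', ini_get('openssl.capath') ?: '(not set)', "\n";

// 2. Where OpenSSL falls back to when the ini settings are empty.
$loc = openssl_get_cert_locations();
echo 'default_cert_file: ', $loc['default_cert_file'], "\n";
echo 'default_cert_dir:  ', $loc['default_cert_dir'], "\n";

// 3. Can the web server user read the bundle PHP will use?
$bundle = ini_get('openssl.cafile') ?: $loc['default_cert_file'];
echo 'bundle readable:   ', is_readable($bundle) ? 'yes' : 'NO', " ($bundle)\n";

// 4. Handshake with verification ON, relying only on the loaded configuration.
$ctx = stream_context_create(['ssl' => [
    'verify_peer'       => true,
    'verify_peer_name'  => true,
    'capture_peer_cert' => true,
]]);
$fp = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 15,
    STREAM_CLIENT_CONNECT, $ctx);

if ($fp === false) {
    // The OpenSSL reason is in the suppressed warning, not always in $errstr.
    $err = error_get_last();
    echo 'TLS verify:        FAILED: ', $err['message'] ?? $errstr, "\n";
} else {
    $opts = stream_context_get_options($fp);
    $cert = openssl_x509_parse($opts['ssl']['peer_certificate']);
    echo 'TLS verify:        OK, subject CN = ', $cert['subject']['CN'] ?? '?', "\n";
    fclose($fp);
}
```

If "Loaded php.ini" is not the file you edited, the `openssl.cafile` line will show "(not set)" or a different path. Delete the script afterwards, as you would a phpinfo() page.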

Hi, Thanks for your reply,

I downloaded the CA here: https://curl.haxx.se/ca/cacert.pem

Then placed it to: /etc/ssl/cacert.pem

Then updated my php.ini file in xampp with these lines added:

; Old
;openssl.cafile = /opt/lampp/share/curl/curl-ca-bundle.crt
; New
openssl.cafile = /etc/ssl/cacert.pem
curl.cainfo = /etc/ssl/cacert.pem

Restarted my server,
but the problem still persists.

echo QUIT | openssl s_client -crlf -starttls smtp -CAfile /etc/ssl/cacert.pem -connect smtp.gmail.com:58

CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
Certificate chain
 0 s:CN = smtp.gmail.com
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=CN = smtp.gmail.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 4580 bytes and written 429 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
250 SMTPUTF8
        

Hi, I'm having a similar issue, but I don't have a cacert.pem file.
I'm running Debian and I have a lot of certificates in /etc/ssl/certs but nothing called cacert.pem
It's weird because I've been using ssl, ssh, tls, secure websites on apache, and postfix all running fine.
My SwiftMailer is also working, but as SwiftMailer is no longer being developed I'm moving to PHPMailer, which is when my issues started. Why would PHPMailer be having issues when nothing else is?

PS I'm only trying to connect to localhost:25

From my server log:

[7-11-23 10:50am] [115.189.128.206] [MYLOG] override-smtp: host=localhost port=25
[7-11-23 10:50am] [115.189.128.206] PHPMailer EXCEPTION: SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

This is not the same problem as in this discussion. No matter what cert bundle you have, you won't have one that matches localhost. The problem you're having will be because your mail server is advertising STARTTLS when you connect to it on localhost, and that causes PHPMailer to automatically enable encryption; however, it will not be able to do so because the cert will never verify. The solution though is simple:

$mail->SMTPAutoTLS = false;

This prevents opportunistic encryption, so it won't need to match the CA cert.

More generally, the certificates that PHPMailer uses when sending email are entirely independent of anything you're using on your web site; it's the target server's certificate that matters there, not your own.

Just to confirm, this is only a problem with 'localhost'. When working with other SMTP servers it will work fine with the SMTPAutoTLS as true.

From my testing this seems to be working as you describe.
Thanks for your help. I'm not sure I understand exactly why it didn't work for localhost. Localhost is just another SMTP service from my perspective and should still operate with encryption between the SMTP client and server.

Yes, this is only a problem with localhost; it will work fine elsewhere. The fault is really that the mail server should not advertise STARTTLS when connections are from localhost.

Regular encryption approaches will fail with localhost because you can't get a certificate that is valid for localhost (at least not from a public CA). It's also pointless, as traffic to localhost doesn't travel across the network, so has no need of encryption. In fact, I should probably prevent PHPMailer from doing automatic TLS if the host is localhost.
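
One way to apply that idea in application code, so that opportunistic TLS is switched off only for loopback and stays on for every remote server. This is an added example, not PHPMailer's own code; `isLoopbackHost()` is a hypothetical helper and the host list is constructed sample input.

```php
<?php
// Added example, not PHPMailer code: isLoopbackHost() is a hypothetical helper.
function isLoopbackHost(string $host): bool
{
    // Accept "[::1]" as well as "::1", and ignore case and stray whitespace.
    $host = strtolower(trim($host, "[] \t"));

    if ($host === 'localhost') {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        // All of 127.0.0.0/8 is loopback, not just 127.0.0.1.
        return strpos($host, '127.') === 0;
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
        // Compare the binary form so "0:0:0:0:0:0:0:1" also matches.
        return inet_pton($host) === inet_pton('::1');
    }
    // Any other name is treated as remote, so TLS stays enabled by default.
    return false;
}

// Constructed sample hosts.
$hosts = ['localhost', '127.0.0.1', '[::1]', 'smtp.example.com', '192.0.2.10'];
foreach ($hosts as $h) {
    $autoTls = !isLoopbackHost($h);
    printf("%-18s SMTPAutoTLS = %s\n", $h, $autoTls ? 'true' : 'false');
}

// With a PHPMailer instance in $mail (assumed to exist):
// $mail->SMTPAutoTLS = !isLoopbackHost($mail->Host);
```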