PHPMailer生成PHP警告:stream_socket_enable_crypto():对等证书与预期的不匹配 [英] PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected
问题描述
我在PHP 5.6上使用PHPMailer,围绕PHP 5.6中的证书提高的安全性当然很有趣.
I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.
我正在尝试将测试消息发送到托管在dreamhost上的域,PHPMailer返回的错误是:无法连接到SMTP主机.
I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.
该错误是不正确的,我已启用日志记录,这是实际发生的情况.
That error is not right though, I have logging enabled and here is what is actually going on.
连接:打开mx1.sub4.homie.mail.dreamhost.com:25, 超时= 30,选项=数组()连接:打开S:220 homiemail-mx32.g.dreamhost.com ESMTP
Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25, timeout=30, options=array ( ) Connection: opened S: 220 homiemail-mx32.g.dreamhost.com ESMTP
C:EHLO s81a.ikbb.com
C: EHLO s81a.ikbb.com
S:250-homiemail-mx32.g.dreamhost.com 250-管道250-尺寸40960000 250-ETRN 250-STARTTLS 250-增强状态代码250 8BITMIME
S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
C:STARTTLS
C: STARTTLS
S:220 2.0.0准备启动TLS
S: 220 2.0.0 Ready to start TLS
C:退出
S:SMTP错误:QUIT命令失败:连接:已关闭
S: SMTP ERROR: QUIT command failed: Connection: closed
我不明白为什么PHPMailer只是放弃,当它应该开始发送消息时发出QUIT命令.我从另一个日志中得到了另一个线索:
I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message. I got another clue from another log:
PHP警告:stream_socket_enable_crypto():对等证书CN = *.mail.dreamhost.com' did not match expected CN= mx1.sub4.homie.mail.dreamhost.com"位于/home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2中.10/class.smtp.php
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
如果我使用一些自定义选项来阻止对证书的验证,那么我可以继续使用它.这是我所拥有的:
If I use some custom options to prevent validation of the cert they are using I can get it to continue. Here is what I have:
$mail->SMTPOptions = array (
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true));
如果我在其中放置SMTPOptions并跳过了对等验证,则消息会正常运行-在PHP中完全没有警告.
If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.
如何捕获该错误,所以我知道有问题,但仍发送消息吗?
How can I trap that error, so I know there is an issue but still send the message?
推荐答案
我遇到了同样的问题,并且在 PHPMailer文档.
I had the same problem and I found the answer in the PHPMailer documentation.
PHP 5.6证书验证失败
与早期版本相比,PHP 5.6验证SSL连接上的证书.如果您要连接的服务器的SSL配置不正确,则会出现如下错误:
In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
正确的解决方法是用一个好的证书替换无效,配置错误或自签名的证书.如果失败,则可以通过PHPMailer 5.2.10中引入的SMTPOptions属性允许不安全的连接. (可以通过在早期版本中将SMTP类子类化来实现),尽管不建议这样做:
The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
您也可以在php.ini中全局更改这些设置,但这是一个非常糟糕的主意. PHP 5.6进行此更改的原因非常充分.
You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.
有时候,这种行为并不十分明显.有时,在客户端尝试执行STARTTLS之后立即发出QUIT命令时,可能会出现加密失败的情况.如果发现这种情况发生,则应检查证书或验证设置的状态.
Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.
这篇关于PHPMailer生成PHP警告:stream_socket_enable_crypto():对等证书与预期的不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
