PHPMailer 生成 PHP 警告:stream_socket_enable_crypto():对等证书与预期不匹配 [英] PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected

问题描述

我在 PHP 5.6 上使用 PHPMailer，围绕 PHP 5.6 认证的增强安全性当然很有趣.

I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.

我正在尝试向 Dreamhost 上托管的域发送测试消息，从 PHPMailer 返回的错误是:无法连接到 SMTP 主机.

I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.

不过那个错误是不对的，我启用了日志记录，这是实际发生的事情.

That error is not right though, I have logging enabled and here is what is actually going on.

连接:打开到 mx1.sub4.homie.mail.dreamhost.com:25，timeout=30, options=array ( ) 连接:打开 S:220homiemail-mx32.g.dreamhost.com ESMTP

Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25, timeout=30, options=array ( ) Connection: opened S: 220 homiemail-mx32.g.dreamhost.com ESMTP

C: EHLO s81a.ikbb.com

C: EHLO s81a.ikbb.com

S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME

S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME

C:STARTTLS

S: 220 2.0.0 准备启动 TLS

S: 220 2.0.0 Ready to start TLS

C:退出

S:SMTP 错误:QUIT 命令失败:连接:关闭

S: SMTP ERROR: QUIT command failed: Connection: closed

我不明白为什么 PHPMailer 只是放弃，在应该开始发送消息时发出 QUIT 命令.我从另一个日志中得到了另一个线索:

I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message. I got another clue from another log:

PHP 警告:stream_socket_enable_crypto():对等证书 CN=*.mail.dreamhost.com' 与/home 中的预期 CN=mx1.sub4.homie.mail.dreamhost.com' 不匹配/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php

PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php

如果我使用一些自定义选项来阻止验证他们正在使用的证书，我可以让它继续.这是我所拥有的:

If I use some custom options to prevent validation of the cert they are using I can get it to continue. Here is what I have:

        $mail->SMTPOptions = array (
        'ssl' => array(
            'verify_peer'  => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true));

如果我将 SMTPOptions 放在那里并跳过对等验证，消息会正常 - 在 PHP 中根本没有警告.

If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.

如何捕获该错误，以便我知道存在问题但仍发送消息?

How can I trap that error, so I know there is an issue but still send the message?

推荐答案

我遇到了同样的问题，我在 PHPMailer 文档.

I had the same problem and I found the answer in the PHPMailer documentation.

PHP 5.6 证书验证失败

与早期版本相比，PHP 5.6 会验证 SSL 连接上的证书.如果您连接的服务器的 SSL 配置不正确，您将收到如下错误:

In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:

Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

正确的解决方法是用一个好的证书替换无效、错误配置或自签名的证书.如果失败，您可以通过 PHPMailer 5.2.10 中引入的 SMTPOptions 属性允许不安全的连接(可以通过对早期版本中的 SMTP 类进行子类化来实现这一点)，但不建议这样做:

The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

您也可以在 php.ini 中全局更改这些设置，但这是一个非常糟糕的主意；PHP 5.6 做出此更改的理由非常充分.

You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.

有时这种行为并不那么明显；有时加密失败可能会出现，因为客户端在尝试执行 STARTTLS 后立即发出 QUIT.如果您看到这种情况，您应该检查您的证书或验证设置的状态.

Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.

这篇关于PHPMailer 生成 PHP 警告:stream_socket_enable_crypto():对等证书与预期不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！