***BOGO*** Re: [PHP] fsockopen in phpmailer and tls

[Larry Brown <larry.brown@xxxxxxxxxxxxxxxxxxxxx>]

On Fri, 2008-09-05 at 00:58 -0400, Robert Cummings wrote:
> On Thu, 2008-09-04 at 23:20 -0400, Larry Brown wrote:
> > I am having a ball of a time trying to figure this one out... If anyone
> > has dealt with this before I'd love to get some morsels of wisdom from
> > you...
> > 
> > I am trying to connect to a postfix server I have set up remotely using
> > smtp auth with tls.  The postfix appears to be configured correctly at
> > this point.  I can telnet to port 25 and it will list tls as an option
> > as the howto describes it should.  I try to connect from php and get:
> > 
> > PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL
> > Error messages:
> > error:1408F10B:SSL routines:func(143):reason(267)
> > in /opt/scriptsMain/include/class.smtp.php on line 122
> > 
> > I've googled this and someone seems very knowledgeable about it yet
> > describes the solution in a way that a mere mortal like myself can't
> > follow.  He states in part:
> > 
> > "Look at the error message:
> > error:1408F10B:SSL routines:func(143):reason(267)
> > 
> > Take the reason code (267) and determine the error:
> > grep 267 /usr/include/openssl/ssl.h
> > /usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER           
> >         267
> > 
> > Now google for SSL_R_WRONG_VERSION_NUMBER..."
> > 
> > ..."So in your server method configuration you must put:
> >       SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
> >     to correctely analyse the first client_hello message
> >     instead of 
> >       SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
> >     which i suppose you did"
> > 
> > So is he talking about modifying the source code in postfix and 
> > rebuilding it?  Have any of you guys dealt with this?...
> > 
> > By the way, when I started out I had a typo in the postfix 
> > config for the path to the certificates for ssl and was getting 
> > the same error message.  It wasn't until I saw in the postfix 
> > mail log that it couldn't read the cert.  So that was fixed but 
> > I continue to get the same message which I'm now thinking might 
> > be a red herring.
> 
> Possibly a complete waste of your time... but maybe you need to
> configure this setting:
> 
>     smtp_tls_mandatory_protocols
> 
>     http://www.postfix.org/postconf.5.html
> 
> Cheers,
> Rob.
> -- 


OK.  So I broke down and re-created my mail server due to its age.  I am
now running the latest sendmail and it is still failing.  The message in
the sendmail log is 

"...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
connection to MTA"

A little research is leading me to believe the client (php client
script) opened the socket but didn't send anything.  Now the certificate
that I'm using for the server is a self signed certificate.  Evolution
asked if I wanted to accept the certificate when I first connected and I
did.  After which it worked fine.  Is there a setting I must enable to
accept unknown certificates when a site is first connected to?

Any other ideas?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php