SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://
serbus last edited by serbus
On a sg-3100 running 2.4.5.r.20200305.1800
I started having a problem sending notifications set up via the System -> Advanced -> Notifications tab after updating to the 2.4.5_RC. Notifications worked fine in 2.4.4_p3 using the same smtp server.
Error is :
Could not send the message to firstname.lastname@example.org -- Error: Failed to connect to ssl://smtp.foo.local:465 [SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://smtp.foo.local:465 (Unknown error) (code: -1, response: )]
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /usr/local/share/pear/Net/Socket.php on line 159
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): Failed to enable crypto in /usr/local/share/pear/Net/Socket.php on line 159
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): unable to connect to ssl://smtp.crownehill.local:465 (Unknown error) in /usr/local/share/pear/Net/Socket.php on line 159
<sslvalidate>disabled</sslvalidate> in the config
This problem appears to be similar to this thread :
Additional net chatter :
Based on what I found, my poke-and-hope fix was to add
'verify_peer' => false
to the send_smtp_message socket_options in etc/inc/notices.inc
This fixes the error in my environment.
I have no idea if this is a valid solution or if it will break something else.
I was hoping someone with a better understanding of the pfsense pkg environment and code could weigh in.
Gertjan last edited by
What you are saying is that some mail server out there that you are using is breaking the rules.
Like "asking you to use SSL and proposing invalid certificates". That's like visiting a web site which uses expired certs, or a site that uses a revoked cert. You could use internal settings in your browser so it wouldn't mind ...
As said in https://stackoverflow.com/questions/45942833/pear-mail-unable-to-connect-to-gmail-smtp-failed-to-connect-to-socket, you can check what happens using the command line, and the "openssl client" command :
openssl s_client -connect smtp.gmail.com:465
.... Verify return code: 0 (ok)
which means : "all is ok, go ahead"
works fine for me.
But take note: I set up my own mail server (postfix). pfSense can send mails just fine. As do Thunderbird, Outlook 2010, Outlook 365, etc., using SSL.
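One possible cause of the `certificate verify failed` error in the first post is a server certificate issued by a private CA that the client does not trust; that is the assumption here. As an added example (not from either poster and not pfSense code), this script builds a constructed CA and a certificate for `smtp.foo.local`, then shows verification failing against the default trust store and passing once the CA is supplied, with verification left enabled. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is constructed for the demo.
# Assumption: the SMTP server's certificate comes from a private CA that the
# client's trust store does not contain.

# Build a throwaway private CA and a server certificate for smtp.foo.local.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=smtp.foo.local" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$dir/srv.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null || return 1
}

# Verify against the default trust store only: what a client does when peer
# verification is on and it has never been told about the private CA.
verify_default_store() {
    openssl verify "$1/srv.pem" >/dev/null 2>&1
}

# Verify with the private CA supplied as a trust anchor: verification stays
# enabled and the chain now validates.
verify_with_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    if verify_default_store "$d"; then echo "default store: ok"
    else echo "default store: certificate verify failed"; fi
    if verify_with_ca "$d"; then echo "with CA file:  ok"
    else echo "with CA file:  certificate verify failed"; fi
    rm -rf "$d"
}

demo
```

PHP's SSL stream context has a `cafile` option that serves the same purpose as `-CAfile` here, so the trust anchor can be supplied while `verify_peer` stays on.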