SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://
-
Hello!
On a sg-3100 running 2.4.5.r.20200305.1800
I started having a problem sending notifications setup via the System -> Advanced -> Notifications tab after updating to the 2.4.5_RC. Notifications worked fine in 2.4.4_p3 using the same smtp server.
Error is :
Could not send the message to foo@bar.com -- Error: Failed to connect to ssl://smtp.foo.local:465 [SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://smtp.foo.local:465 (Unknown error) (code: -1, response: )]
Crash dump:
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /usr/local/share/pear/Net/Socket.php on line 159
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): Failed to enable crypto in /usr/local/share/pear/Net/Socket.php on line 159
[05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): unable to connect to ssl://smtp.crownehill.local:465 (Unknown error) in /usr/local/share/pear/Net/Socket.php on line 159Setting:
<sslvalidate>disabled</sslvalidate> in the config
This problem appears to be similar to this thread :
https://forum.netgate.com/topic/138289/solved-smtp-notification-error-smtp-failed-to-connect-socket-fsockopen-with-tls-and-private-ca
Additional net chatter :
https://stackoverflow.com/questions/45942833/pear-mail-unable-to-connect-to-gmail-smtp-failed-to-connect-to-socket
Based on what I found, my poke-and-hope fix was to add
'verify_peer' => false
to the send_smtp_message socket_options in etc/inc/notices.incThis fixes the error in my environment.
I have no idea if this is a valid solution or if will will break something else.
I was hoping someone with a better understanding of the pfsense pkg environment and code could weigh in.Thanks!
John
-
Hi,
What you are saying is that some mail server out there that your are using is breaking the rules.
Like "asking you to use SSL and propoising invalid certificates". That like visiting a web site with uses expired certs, or a site that uses a revoked cert. You could use internal settings in your browser so it wouldn't mind ...As said in https://stackoverflow.com/questions/45942833/pear-mail-unable-to-connect-to-gmail-smtp-failed-to-connect-to-socket, you can check what happens using the command line, and the "openssl client" command :
openssl s_client -connect smtp.gmail.com:465 -starttls smtpreturns with
.... Verify return code: 0 (ok)which means : "all is ok, go ahead"
This :
works fine for me.
But take note : I set up may own mail server (postfix). pfSense cans end mails just fine. As Thunderbird, Outlook 2010, Outlook 365, etc, using SSL -
Based on what I found, my poke-and-hope fix was to add
'verify_peer' => false
to the send_smtp_message socket_options in etc/inc/notices.incThis fixes the error in my environment.
-
@serbus said in SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://:
bar.com
I guess the issue was solved : bar.com - and hopefully the MX attached to - it uses a cert that comes from a known issuer.
Can't really test it's a cloudfaire thing. -
Hello!
https://redmine.pfsense.org/issues/10317
John
-
@serbus said in SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://:
Hello!
https://redmine.pfsense.org/issues/10317
John
That one was solved 2.4.5-p1 is good.