PHPMailer issue mailing over SSL

[fastslack]

I tried to send emails over SSL server and receive this error:

<b>Warning</b>:  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in <b>/var/www/web/libraries/vendor/phpmailer/phpmailer/class.smtp.php</b> on line <b>355</b><br />

Summary of Changes

If options is not sent, append to options array needed ssl values.

Testing Instructions

Try to send an email over SSL.

Documentation Changes Required

[yvesh]

@fastslack with your PR you allow any ssl-certificate (not only self-signed) to be trusted by default.

http://php.net/manual/en/context.ssl.php

and see PHPMailer troubleshooting:

https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

This is a really bad idea to be the default. If you want you can create a setting for allowing self-signed certificates, but the default should be always false then.

[andrepereiradasilva]

👎 to this
the goal of forcing certificate verify is to increase secutity, not just ignore it.

i agree with @yvesh, if you want to create an option to bypass certificate verify for self-signed certificate i have no issue with that (if that option it doesn't exist already), but never be the default one

[zero-24]

And as this is an upstream repo and upstream code please try to contact them to fix it (in any way) so we get it down when they fixed it for all.

I'm closing here.

[fastslack]

@yvesh @andrepereiradasilva @zero-24 There is no way to solve this without hacking Joomla! code. Every time that Joomla! Updates i need to hack code.

Maybe PR is bad, but there is a good idea to have an option to configure this without hacking code

[mbabker]

Either way you need to submit the fix to PHPMailer or refactor the mail library to extend this class to use your added logic. Hacking third party code is NOT a good idea.

[zero-24]

That is what i mean with upstream. As we using the phpmailer here the change needs to be implemented there. We can't hack that lib as the change is reverted after the next php mailer update as well ;)

[fastslack]

@mbabker ok, im sending this issue to PHPMailer too. But the issue occurs when i trying to send an email using the test email on Joomla! configuration.

Maybe a simple fix on libraries/joomla/mail/mail.php could be helpful

[mbabker]

JMail extends PHPMailer and the class that's throwing that error is another one. I don't know the call stack to get to that point so there may be a way to do a local fix otherwise you're going to have to create a JMailSmtp class extending the SMTP class, override PHPMailer::getSMTPInstance() to get our object, and implement your added logic into the extended class.

[fastslack]

That is the reason that i tried to fix 'SMTP' class directly :( Thanks anyway guys

[andrepereiradasilva]

the test send mail in global config goes to com_config Sendtestmail application controller https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_config/controller/application/sendtestmail.php#L49

whicha calls the com_config application model. here https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_config/model/application.php#L806

which in turn call JMail::sendMail https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/mail/mail.php#L674

as michael said JMail is extending PHPMailer class

[fastslack]

It would be fantastic to have the possibility to send options to PHPMailer/SMTP throw JMail

[rvbgnu]

Hi everyone,
I have the same warning on one web site. It is from the Joomla contact form, and after reading many threads about the bad error handling from JMail (thanks @mbabker for the explanation here #9577 (comment)), I am still left without a proper fix, or a work around.

The difficulty is that the error, contact form not working, is intermittent. I would like, at least, add some code, even a hack, to get more error details. Hopefully we would have a better error handling and reported back for JMail. In the meantime, what shoudl I add to the code, to gather error logs?

If I can help adding and testing the code, I would do, and having a large scale live context to validate it ;-)