F3 SMTP Debugging "SSL: Connection reset by peer"

[Nikolaos Giannopoulos]

I am using PHP 7.0 and have the following code:

$smtp = new \SMTP("secure.emailsrvr.com", 465, "TLS", <username>, <password>);
 
$smtp->set('Content-type', 'text/html; charset=UTF-8');
$smtp->set('From', 'te...@example.com');
$smtp->set('To', 'te...@example.com');
$smtp->set('Subject', 'This is a test');  
$smtp->set('Errors-to', 'te...@example.com');
 
$sent = $smtp->send($message);
echo "DEBUG=" . $smtp->log . "<hr>" ;

and it appears that the SMTP code fails to connect to the server and I have verified the hostname, port, protocol, and credentials.

I get the following error:

[Fri Feb 17 05:07:49 2017] stream_socket_enable_crypto(): SSL: Connection reset by peer
[Fri Feb 17 05:07:49 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:2152] Base->error()
[Fri Feb 17 05:07:49 2017] [/hm/sw/community/skgca/deployment/private/lib/SMTP.php:210] stream_socket_enable_crypto()
[Fri Feb 17 05:07:49 2017] [app/Support/Integration/BelieveF3Support.php:251] SMTP->send()
[Fri Feb 17 05:07:49 2017] [app/Controls/Common/RegisterController.php:79] Support\Integration\BelieveF3Support::sendSMTPEmail()
[Fri Feb 17 05:07:49 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1776] Controls\Common\RegisterController->edit()
[Fri Feb 17 05:07:49 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1599] Base->call()
[Fri Feb 17 05:07:49 2017] [index.php:52] Base->run()

Looking at line 210 I see:

 stream_socket_enable_crypto(
     $socket,TRUE,STREAM_CRYPTO_METHOD_TLS_CLIENT);

So after a lot of research I thought perhaps TLSv1.2 needs to be specified so I tried:

 stream_socket_enable_crypto(
     $socket,TRUE,STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);

But that had no effect.  Does this work with TLS?  Anyone have any ideas on how I can debug / resolve this issue?

I have spent several hours to no avail.  Also I assume as failure is early in the process there isn't much in the way of logs or am I missing something?

Thanks,

--Nikolaos

[ved]

Hi, 

Have you tried using port 587?

[Nikolaos Giannopoulos]

Hi Ved,

I just tried that and it resulted in the following different error:

[Fri Feb 17 06:19:04 2017] stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[Fri Feb 17 06:19:04 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:2152] Base->error()
[Fri Feb 17 06:19:04 2017] [/hm/sw/community/skgca/deployment/private/lib/SMTP.php:210] stream_socket_enable_crypto()
[Fri Feb 17 06:19:04 2017] [app/Support/Integration/BelieveF3Support.php:251] SMTP->send()
[Fri Feb 17 06:19:04 2017] [app/Controls/Common/RegisterController.php:79] Support\Integration\BelieveF3Support::sendSMTPEmail()
[Fri Feb 17 06:19:04 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1776] Controls\Common\RegisterController->edit()
[Fri Feb 17 06:19:04 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1599] Base->call()

Thoughts?

--Nikolaos

[ved]

It appears as that's some kind of issue with the mail server's certificate or configuration.

Is the mail server managed by you?

See these (apparently) relevant SO answers:

http://stackoverflow.com/questions/30371910/phpmailer-generates-php-warning-stream-socket-enable-crypto-peer-certificate

http://stackoverflow.com/questions/26827192/phpmailer-ssl3-get-server-certificatecertificate-verify-failed

They're related to PHPMailer and not F3 but the error seems to be the same and it appears to be related with badly configured or self signed certificates.

[Nikolaos Giannopoulos]

No.  Definitely not managed by me... this is a RackSpace Email hosting account.

--Nikolaos

[ved]

Yeah, you should file a support request with Rackspace, maybe they can give you some more info or better debug the issue.

You can also first try running a test using PHPMailer or another php email library to test if it also gives the same error just to be sure that it's not an F3 exclusive issue.

Other than that, sorry but I don't think I can figure out what's wrong :-/ 

[Nikolaos Giannopoulos]

So it appears they have a different server FQDN for insecure SMTP... when I tried 25 or 587 with smtp.emailsrvr.com the email went through.

Of course this doesn't help with the issue at hand were in I have say Thunderbird configured... with 465 and secure.emailsrvr.com as my default SMTP and have no issues yet it fails to work in both F3 SMTP takes about 30 seconds and fails with the peer error above AND with PHPMailer which also takes about 30 seconds but fails without error (i.e. no email sent).

One thing about the SMTP F3 component that I found to be an issue - but did not resolve my issue - is the redefinition of STREAM_CRYPTO_METHOD_TLS_CLIENT (used on line 210) in PHP >= 5.6 which now essentially only provides TLS 1.0 and TLS 1.1 and 1.2 constants were added.  PHPMailer has better code as follows and SMTP F3 would benefit to do the same:

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        }

Once again - this does not solve my issue but allows the SMTP F3 component to work with any version of PHP and make TLSv1.0, 1.1 or 1.2 connections.

--Nikolaos

[ved]

Have you tried changing class initialization from:

$smtp = new \SMTP("secure.emailsrvr.com", 465, "TLS", <username>, <password>);

to:

$smtp = new \SMTP("secure.emailsrvr.com", 465, "SSL", <username>, <password>);

[Nikolaos Giannopoulos]

I tried that before and for good measure again and it fails immediately with a 500 error.

[Fri Feb 17 10:37:41 2017] HTTP 500 (GET /register/edit/A123)
[Fri Feb 17 10:37:41 2017] [/hm/sw/community/skgca/deployment/private/lib/SMTP.php:197] Base->error()
[Fri Feb 17 10:37:41 2017] [app/Support/Integration/BelieveF3Support.php:252] SMTP->send()

Definitely a good suggestion.... :-)

--Nikolaos

[ved]

Error 500 should give you some more information on your webserver's error log about what exactly is causing the issue.

Do you have php's openssl extension enabled?

[Nikolaos Giannopoulos]

Using the PHP7.0 built-in web server so I presume the console output is the full log.  Yes?

[Fri Feb 17 10:37:41 2017] HTTP 500 (GET /register/edit/A123)
[Fri Feb 17 10:37:41 2017] [/hm/sw/community/skgca/deployment/private/lib/SMTP.php:197] Base->error()
[Fri Feb 17 10:37:41 2017] [app/Support/Integration/BelieveF3Support.php:252] SMTP->send()

[Fri Feb 17 10:37:41 2017] [app/Controls/Common/RegisterController.php:79] Support\Integration\BelieveF3Support::sendEmailF3()
[Fri Feb 17 10:37:41 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1776] Controls\Common\RegisterController->edit()
[Fri Feb 17 10:37:41 2017] [/hm/sw/community/skgca/deployment/private/lib/base.php:1599] Base->call()
[Fri Feb 17 10:37:41 2017] [index.php:52] Base->run()
[Fri Feb 17 10:37:41 2017] 127.0.0.1:61456 [500]: /register/edit/A123

Here is a dump of my php info for openssl (I am using a Mac and PHP7 has been installed via HomeBrew).

UPDATE:  I just resolved the issue by setting the CA file.  I had set it earlier but as it didn't resolve the issue (probably had something else off at the time) I removed it.  But in fact if the CA file is not present then there without root CA certs there is no way to trust any signed certificates hence the failure.  Not sure why the TLS would hang for 30 or so seconds though.  In any event, problem solved....

openssl

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.2j  26 Sep 2016
OpenSSL Header Version => OpenSSL 1.0.2j  26 Sep 2016
Openssl default config => /usr/local/etc/openssl/openssl.cnf

Directive => Local Value => Master Value
openssl.cafile => /usr/local/share/ca-bundle.crt => /usr/local/share/ca-bundle.crt
openssl.capath => no value => no value

Thanks for your patience and all of your help!!!

--Nikolaos

[ved]

No problem, glad you got the problem sorted.