PHP - 使用 STARTTLS 和自签名证书的 Swiftmailer

我正在尝试使用 STARTTLS 使用 php 和 swiftmailer 发送电子邮件,但出现证书错误.我对 SMTP 服务器具有 root 访问权限,并且使用的证书是自签名的.我在两台机器(Web 服务器和 smtp 服务器)上都使用 Debian

I'm trying to send an email with php and swiftmailer, using STARTTLS, but I'm getting a certificate error. I have root access to the SMTP server, and the certificate used is self-signed. I'm using Debian on both machines (web server and smtp server)

PHP 消息:PHP 警告:stream_socket_enable_crypto():SSL 操作失败,代码 1.OpenSSL 错误消息:错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证在第 97 行的 [..]/lib/classes/Swift/Transport/StreamBuffer.php 中失败PHP 消息:PHP 致命错误:在 [..]/lib/classes/Swift/Transport/EsmtpTransport.php:294 中带有消息无法连接 TLS 加密"的未捕获异常Swift_TransportException"

我是否需要在某处添加自己的证书才能被接受?还是这是一些 OpenSSL 配置错误?

Do I need to add my own certificate somewhere to get it accepted? Or is this some OpenSSL configuration error?

推荐答案

编者注:禁用 SSL 验证具有安全隐患.如果不验证 SSL/HTTPS 连接的真实性,恶意攻击者可以冒充一个受信任的端点(例如 GitHub 或其他远程 Git 主机),您将容易受到 中间人攻击.

Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.

Swiftmailer 现在已经更新为包含一个选项.现在可以使用 Swift_SmtpTransport 实例中的 setStreamOptions 方法解决它,而不是编辑 swift 类.

Swiftmailer has now been updated to include an option for this. It can now be solved using the setStreamOptions method from your Swift_SmtpTransport instance rather than editing the swift class.

$transport = Swift_SmtpTransport::newInstance('smtp.server.com', 123, 'tls')
    ->setUsername('username')
    ->setPassword('password')
    ->setStreamOptions(array('ssl' => array('allow_self_signed' => true, 'verify_peer' => false)));

相关文章