1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 Error log entrys (SSL / Email / php5.6 trouble?)

Discussion in 'Troubleshooting and Problems' started by otto, Apr 4, 2016.

  1. otto

    otto Well-Known Member

    Hello, since a short time ago (since I have switched from php 5.3.x to php 5.6.x) I have this errorlog entrys in my XenForo 1.5.6 ACP:

    Code:
    ErrorException: Email to ronny.cz@web.de failed (after retry): stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed - library/Zend/Mail/Protocol/Smtp.php:206
    Generated By: Unknown Account, 3 minutes ago
    Code:
    #0 [internal function]: XenForo_Application::handlePhpError(2, 'stream_socket_e...', '/var/www/vhosts...', 206, Array)
    #1 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail/Protocol/Smtp.php(206): stream_socket_enable_crypto(Resource id #69, true, 9)
    #2 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail/Transport/Smtp.php(217): Zend_Mail_Protocol_Smtp->helo('localhost')
    #3 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail/Transport/Abstract.php(348): Zend_Mail_Transport_Smtp->_sendMail()
    #4 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail.php(1194): Zend_Mail_Transport_Abstract->send(Object(Zend_Mail))
    #5 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/MailQueue.php(91): Zend_Mail->send(Object(Zend_Mail_Transport_Smtp))
    #6 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Deferred/MailQueue.php(10): XenForo_Model_MailQueue->runMailQueue(7.9999990463257)
    #7 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(295): XenForo_Deferred_MailQueue->execute(Array, Array, 7.9999990463257, '')
    #8 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 7.9999990463257, '', false)
    #9 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, NULL, '', false)
    #10 /var/www/vhosts/zetor-forum.de/httpdocs/forum/deferred.php(23): XenForo_Model_Deferred->run(false)
    #11 {main}
    PHP:
    array(3) {
      [
    "url"] => string(45"https://www.zetor-forum.de/forum/deferred.php"
      
    ["_GET"] => array(0) {
      }
      [
    "_POST"] => array(4) {
        [
    "_xfRequestUri"] => string(103"/forum/threads/hallo-zusammen-ich-bin-auf-der-suche-nach-einem-motor-fuer-meinen-zetor-5211.3607/page-3"
        
    ["_xfNoRedirect"] => string(1"1"
        
    ["_xfToken"] => string(8"********"
        
    ["_xfResponseType"] => string(4"json"
      
    }
    }
    And:

    Code:
    ErrorException: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed - library/Zend/Mail/Protocol/Pop3.php:125
    Generated By: Unknown Account, 22 minutes ago
    Code:
    #0 [internal function]: XenForo_Application::handlePhpError(2, 'stream_socket_e...', '/var/www/vhosts...', 125, Array)
    #1 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail/Protocol/Pop3.php(125): stream_socket_enable_crypto(Resource id #59, true, 9)
    #2 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/Zend/Mail/Storage/Pop3.php(190): Zend_Mail_Protocol_Pop3->connect('zetor-forum.de', 110, 'TLS')
    #3 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/EmailBounce.php(288): Zend_Mail_Storage_Pop3->__construct(Array)
    #4 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Deferred/EmailBounce.php(19): XenForo_Model_EmailBounce->openBounceHandlerConnection()
    #5 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(295): XenForo_Deferred_EmailBounce->execute(Array, Array, 7.9999978542328, '')
    #6 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 7.9999978542328, '', false)
    #7 /var/www/vhosts/zetor-forum.de/httpdocs/forum/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, NULL, '', false)
    #8 /var/www/vhosts/zetor-forum.de/httpdocs/forum/deferred.php(23): XenForo_Model_Deferred->run(false)
    #9 {main}
    PHP:
    array(3) {
      [
    "url"] => string(44"http://www.zetor-forum.de/forum/deferred.php"
      
    ["_GET"] => array(0) {
      }
      [
    "_POST"] => array(4) {
        [
    "_xfRequestUri"] => string(70"/forum/threads/land-und-forstwirtschaft-mit-und-ohne-zetor.948/page-14"
        
    ["_xfNoRedirect"] => string(1"1"
        
    ["_xfToken"] => string(8"********"
        
    ["_xfResponseType"] => string(4"json"
      
    }
    }
    Can anybody tell me whats the problem and what I have to do to solve this?

    Since today morning I have switched the forum also to SSL via Lets Encrypt certifikate, so the site/domain is using it and can browsed by https://www.zetor-forum.de But the error 2 was in the logs bevor SSL and certificate was active... So I think its a php (version?) problem. Help! :(
     
  2. Mike

    Mike XenForo Developer Staff Member

    These indicate that your STMP and POP3 email servers don't have an SSL certificate that is signed by an authority (or the certificate trust store PHP is using is broken). You probably need to look at the SSL cert used by these servers to see what they're using and who it's signed by.
     
    otto likes this.
  3. otto

    otto Well-Known Member

    Its the Lets Encrypt cert, genereted with the Plesk Lets Encrypt extension for Plesk 12.5 . Such I know, is Lets Encrypt at time not supporting mail-SSL.. :(

    No workaround to fix this without changing the certificate?

    And again - the error logs come up with switch from php 5.3.x to 5.6.x and NOT with the installation of the certificate today. :confused:
     
    Last edited: Apr 4, 2016
  4. Snog

    Snog Well-Known Member

    otto likes this.
  5. Mike

    Mike XenForo Developer Staff Member

    Just to be clear, PHP 5.6 verifies SSL certificates by default. Below that, it didn't. So technically this happened before, but it wasn't a check that was run.

    It's possible to disable verification of certs, though it would require direct code changes (in this case, within Zend Framework).
     
    otto likes this.
  6. otto

    otto Well-Known Member

    @Snog
    Oh, if that will work - that would be realy cool. I will give it a try. Mail SSL is now on the to do list. :)

    @Mike
    At this time I have made these changes into library/Zend/Mail/Protocol/Smtp.php:

    Bevore: (around line 202 to 214)
    PHP:
            // If a TLS session is required, commence negotiation
            
    if ($this->_secure == 'tls') {
                
    $this->_send('STARTTLS');
                
    $this->_expect(220180);
                if (!
    stream_socket_enable_crypto($this->_sockettrueSTREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                    
    /**
                     * @see Zend_Mail_Protocol_Exception
                     */
                    
    require_once 'Zend/Mail/Protocol/Exception.php';
                    throw new 
    Zend_Mail_Protocol_Exception('Unable to connect via TLS');
                }
                
    $this->_ehlo($host);
            }
    And change this to :
    PHP:
            // If a TLS session is required, commence negotiation
            
    if ($this->_secure == 'tls') {
                
    $this->_send('STARTTLS');
                
    $this->_expect(220180);
                
    stream_context_set_option($this->_socket'ssl''verify_peer_name''verify_peer'false);
                if (!
    stream_socket_enable_crypto($this->_sockettrueSTREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                    
    /**
                     * @see Zend_Mail_Protocol_Exception
                     */
                    
    require_once 'Zend/Mail/Protocol/Exception.php';
                    throw new 
    Zend_Mail_Protocol_Exception('Unable to connect via TLS');
                }
                
    $this->_ehlo($host);
            }
    That should be a work around for a short time now (with these no new error logs are to see) and I'll take a look at your and Snogs hint to solve this the right way next days. (y)

    Thanks!
     
    Mike likes this.

Share This Page