These are my settings:
sendmail.ini
smtp_server = 10.1.xxx.xxx
smtp_port=25
smtp_ssl=none
php.ini
[mail function]
SMTP = 10.1.xxx.xxx
smtp_port = 25
sendmail_path = "C:\Webserver\sendmail\sendmail.exe -t"
Typo3
'MAIL' => [
'defaultMailFromAddress' => 'noreply#domain.org',
'defaultMailFromName' => 'Domain',
'transport' => 'smtp',
'transport_sendmail_command' => '',
'transport_smtp_encrypt' => false,
'transport_smtp_password' => '',
'transport_smtp_server' => '10.1.xxx.xxx:25',
'transport_smtp_username' => '',
],
SSL certificate is provided by a netscaler configuration
Typo3 Test Mail Setup
Could not deliver mail
Please verify $GLOBALS['TYPO3_CONF_VARS']['MAIL'][*] settings are valid.
Error message: Unable to connect with STARTTLS: stream_socket_enable_crypto():
Peer certificate CN=*.domain.de' did not match expected CN=10.1.xxx.xxx'
Ehm, with transport_smtp_encrypt=false the connection will be tried via STARTTLS. For using an SSL-Connection, transport_smtp_encrypt has to be true.
Important: #91070 - SMTP transport option ‘transport_smtp_encrypt’ changed to boolean
so there is no chance to deactivate encryption as false uses Starttls and true ssl - thanks for the information
#alexinge I think STARTTLS is only used if the server that you try to connect to is able to handle it. As the changelog of version 4.4 of symfony/mailer says (highlight by me):
STARTTLS cannot be enabled anymore (it is used automatically if TLS is disabled and the server supports STARTTLS)
So you might try to change the configuration of the mail server (if you have access to that) or maybe use another port (587 with 'transport_smtp_encrypt' => false or 465 with 'transport_smtp_encrypt' => true).
Related
I'm using Laravel 8, PHP 7. The SSL works fine when I visit the site with HTTPS. However, the error happens when I call my function.
Connection could not be established with host smtp.hostinger.com
:stream_socket_client(): SSL operation failed with code 1. verify
failed
$data = ['name' => $result[0]->name, 'rand_id' => $rand_id];
$user['to'] = $request->str_forgot_email;
Mail::send('front/forgot_password', $data, function ($message) use ($user) {
$message->to($user['to']);
$message->subject('Forgot Password');
});
Debian 10. I try to connect to a remote server with certificate. However connection fails with 500 error. DEBUG: .../IO/Socket/SSL.pm:2593: global error: Failed to load certificate from file (no PEM, DER or PKCS12) error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag.
Same code with same certificate works fine with several Debian 9. I have tried different versions with Debian 10 - of IO-Socket_SSL (ex. 2.044 - 2.060), LWP-Protocol-https (ex. 6.05 - 6.07) with no luck.
For clear experiment I took fresh from provider debian images with 9 & 10. It works with basic perl modules with ver 9 and fails with ver 10.
I need a piece of help & advise , cause I'm loosing hope :(
use LWP;
use LWP::UserAgent;
use LWP::Protocol::https;
use LWP::Debug qw(+);
use Net::SSL;
use IO::Socket::SSL qw(debug4);
$ENV{HTTPS_CERT_FILE} = "cert.crt";
$ENV{HTTPS_KEY_FILE} = "private.key";
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
$ENV{HTTPS_DEBUG} = 1;
my $ua = LWP::UserAgent->new;
$ua->ssl_opts(
SSL_verify_mode => 0,
verify_hostname => 0,
SSL_cert_file => "cert.crt",
SSL_key_file => "private.key"
);
my $req = HTTP::Request->new(POST => "https://server:775/api");
$req->header('content-type' => 'application/soap+xml; charset=utf-8; action="http://tempuri.org/ICodeRequestOnline/GetProtocolVersion"');
my $txt= qq{<?xml version="1.0" encoding="UTF-8"?><soap:Envelope>...</soap:Envelope>};
$req->content($txt);
my $resp = $ua->request($req);
print $resp->as_string;
I want to drop or reject a connection based on the value of the client cert CN discovered during ssl negotiation.
I'm not familiar with syntax and can't find similar examples.
I'm stuck with lighttpd v.1.4.45.
In a mixture of real and pseudocode:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
...
ssl.ca-file = "..."
...
# client side authentification
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "enable"
ssl.verifyclient.depth = "2"
# this line instructs client cert CN value to be extracted
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
}
# psuedocode
<client CN> <not regexp-equal> <regexp> {
<reject>
}
Can it be done at the lighttpd level? Assume going down to application code is not an option.
(I'm also curious to see an example of how could it be done at application level but that is not the primary question.)
Use lighttpd mod_auth. https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth
server.modules += ("mod_auth")
auth.require = ( "" =>
(
"method" => "extern",
"realm" => "certificate",
"require" => "user=agent007|user=agent008"
)
)
You have to list the permitted SSL_CLIENT_S_DN_CN values in user=...|user=...
Redmine does not use StartTLS by default. When I configure my LDAP server to require TLS, redmine fails to authenticate users.
With openldap you might see "Confidentially required" error message in redmine logs.
Make sure LDAPS is NOT enabled. ldaps:// is a different encryption scheme than StartTLS. With StartTLS unecrypted connection is promoted to encrypted over same port.
When using redmine 3.2.4 find a file with name redmine/app/models/auth_source_ldap.rb
search for "encryption", find:
options = { :host => self.host,
:port => self.port,
:encryption => (self.tls ? :simple_tls : nil)
}
When LDAPS is unchecked, we want to use StartTLS:
:encryption => (self.tls ? :simple_tls : :start_tls)
Save and restart your web server. Redmine should now use encrypted connection.
I know this is old but I just had a similar problem but with Redmine 4.1.2.
I had to make a similiar change to get StartTLS to work without LDAPS:
in redmine/app/models/auth_source_ldap.rb
Search for this block of code
if tls
options[:encryption] = {
:method => :simple_tls,
# Always provide non-empty tls_options, to make sure, that all
# OpenSSL::SSL::SSLContext::DEFAULT_PARAMS as well as the default cert
# store are used.
:tls_options => { :verify_mode => verify_peer? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE }
}
and update it with the an else clause as:
if tls
options[:encryption] = {
:method => :simple_tls,
# Always provide non-empty tls_options, to make sure, that all
# OpenSSL::SSL::SSLContext::DEFAULT_PARAMS as well as the default cert
# store are used.
:tls_options => { :verify_mode => verify_peer? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE }
}
else
options[:encryption] = {
:method => :start_tls,
:tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE}
}
end
ES version - 2.3.5 , Logstash - 2.4
'Attempted to send bulk request to Elasticsearch, configured at ["xxxx.com:9200"] ,
An error occurred and it failed! Are you sure you can reach elasticsearch from this machine using the configuration provided ?
Error:
"SSL peer shut down incorrectly", Manticore::ClientProtocolException
logstash"'
My logstash Output section:
output
{
stdout { codec => rubydebug }
stdout { codec => json }
elasticsearch
{
user => "xxxx"
password => "xxx"
index => "wrike_jan"
document_type => "data"
hosts => ["xxxx.com:9200"]
ssl => true
ssl_certificate_verification => false
truststore => "elasticsearch-2.3.5/config/truststore.jks"
truststore_password => "83dfcdddxxxxx"
}
}
Logstash file is executed , but it is failing to send the data to ES.
Could you please suggest, thank you.
Be particular about http or https in the url, in the above case i am sending data to https but my ES is using http.
Later, upgrade of logstash version solved to send data to ES.