Home Forums Support Invoice Ninja 2.6.5 OpenSSL woes

This topic contains 12 replies, has 4 voices, and was last updated by  ourtech 1 month, 3 weeks ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #3636

    yuljk
    Participant

    Hi guys – I’m running 2.6.5 on the Bitnami stack. When I attempt to email an invoice I receive the following error:-

    stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

    I have attempted to download the latest cacert.pem from http://curl.haxx.se/ca/cacert.pem and then pointing to openssl.cafile=/opt/bitnami/common/openssl/certs/cacert.pem in php.ini. After restarting the stack the same issue persists.

    I’ve read around on the issue, and it seems that PHP 5.6+ enable verify_peer as default and there is no way of setting this option in php.ini anymore. Any ideas where I can modify the mailer code to allow me to fix this?

    P.S – This issue does not appear to be related to my installed signed certificates for Apache2, as I have tested the certificate chain and it checks out fine.

    Thanks

    #3637

    Hillel Coren
    Keymaster

    Sorry, you’ll need to trace through the code.

    In the past the two changes you’ve suggested have worked to solve the problem.

    #3638

    yuljk
    Participant

    How is verify_peer configured in PHP 5.6? I’m looking to just set it to false

    #3639

    Hillel Coren
    Keymaster

    I believe you need to se it in the .ini file

    #3640

    yuljk
    Participant

    Just did a grep for ‘verify_peer’ – Is this the file I should be modifying for the mailer function?

    htdocs/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php

    Thanks

    #3641

    Hillel Coren
    Keymaster

    I’m sorry, I’m not familiar with our third party code.

    #3642

    yuljk
    Participant

    I don’t see any option in my php.ini file in PHP 5.6 for disabling peer verification.

    #3643

    Hillel Coren
    Keymaster
    #3645

    yuljk
    Participant

    Thanks – I’ve had a dig around, but I’m not competent enough with PHP to really know which file to modify. :/

    I guess I could rollback to PHP 5.5 where the issue apparently doesn’t exist. I’d rather not however..

    #3646

    dansperfect
    Participant

    have you tried verifying your certificates with the openssl verify commands to verify your certificate. It will also verify you CSR.

    Verify your Certificate file: openssl verify -CAfile fileName

    If file failed verification message would look something like this: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
    error 24 at 1 depth lookup:invalid CA certificate

    But it would at least let you know if the Certificate isn’t corrupt

    #3649

    yuljk
    Participant

    I switched my mail configuration settings across to a different provider (Gmail) and I was able to email invoices again. Previously I was using our Exchange 2013 server with a receive connector setup.

    Oddly this setup worked without issues on a previous version of PHP. The Exchange SAN certificate checks out fine when performing tests on SSLLabs (chain is correct etc)

    Not quire sure what openssl isn’t happy about with respect to my signed certificates from a trusted authority on Exchange 2013, I’ll have to do some more digging.

    I’m pretty sure the cacert.pem isn’t corrupt as it’s a fresh download from http://curl.haxx.se/ca/.

    Thanks

    #3650

    Hillel Coren
    Keymaster

    Thanks for sharing your solution.

    #22198

    ourtech
    Participant

    This might not be exactly relevant to the previous case, but I found the issue was caused by SMTP Restrictions having been accidentally activated in WHM. As soon as this was disabled I was able to send again.

    Hope that helps

    OT

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.

Posted in: