1、如圖所示,同樣的php.ini配置,在 php 7.4 下 25 端口可以正常收發(fā)郵件, 465 端口就不行(日志錯(cuò)誤是 CONNECT - Unable to connect to the SMTP server),而用 php 5.5, 25 和 465 端口都可以正常收發(fā)郵件。 ... 查看全文
專家 發(fā)表于 2022-8-12 01:40 是的,更新的時(shí)候建議能升級下 |
zhansh 發(fā)表于 2022-8-10 22:38 不能這么說,畢竟證書校驗(yàn)也是ssl安全性的一環(huán),而且是php單方面默認(rèn)啟用的,這不能怪Discuz。 |
| 我也想知道 |
| 以上是網(wǎng)上查到的資料,discuz 連接 SSL 確實(shí)是存在問題的 |
|
PHP 5.6.x中OpenSSL的變化 ? 使用SSL/TLS時(shí),流包裝現(xiàn)在默認(rèn)情況下會(huì)驗(yàn)證對等證書和主機(jī)名 ? 默認(rèn)情況下,所有加密的客戶端流現(xiàn)在都啟用對等驗(yàn)證。默認(rèn)情況下,這將使用OpenSSL的默認(rèn)CA包來驗(yàn)證對等證書。在大多數(shù)情況下,與具有有效SSL證書的服務(wù)器通信不需要進(jìn)行任何更改,因?yàn)榘l(fā)行商通常將OpenSSL配置為使用已知良好的CA包。 通過設(shè)置openssl.cafile或openssl.capath配置設(shè)置,可以在全局基礎(chǔ)上覆蓋默認(rèn)CA包,或者通過使用cafile或者capath上下文選項(xiàng)。 雖然通常不建議這樣做,但是可以通過設(shè)置verify_peer上下文選項(xiàng)到false,并通過設(shè)置verify_peer_name上下文選項(xiàng)到false. |
 Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /www/a.php on line 5 Warning: fsockopen(): Failed to enable crypto in /www/a.php on line 5 Warning: fsockopen(): unable to connect to ssl://smtp.exmail.qq.com:465 (Unknown error) in /www/a.php on line 5 以上是測試結(jié)果 找了google和度娘都沒有解決,說什么證書問題 最后看到個(gè)修改方法的,臨時(shí)用一下 修改 source/function/function_core.php 注釋原來的函數(shù),新增以下方法 function fsocketopen($hostname, $port = 80, &$errno, &$errstr, $timeout = 15) { $fp = ''; if(function_exists('stream_socket_client')) { $contextOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ) ); $context = stream_context_create($contextOptions); $fp = @stream_socket_client($hostname.':'.$port, $errno, $errstr, $timeout,STREAM_CLIENT_CONNECT, $context); } return $fp; } 測試后可以正常放郵件,就是以后dz升級要注意下這塊或者重新編譯系統(tǒng)環(huán)境。 原文提示 一個(gè)php系統(tǒng)很早的了,后來把環(huán)境升級換成https與php5.6以后發(fā)現(xiàn)通信api不工作,通過排查發(fā)現(xiàn)是fsockopen函數(shù)的問題: 報(bào)錯(cuò):Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 解決方法法改造一下fsockopen方法: //不驗(yàn)證證書 $contextOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ) ); //如果有簽名的證書 /* $contextOptions = array( 'ssl' => array( 'verify_peer' => true, 'cafile' => '/path/to/cacert.pem', //'CN_match' => 'xcwmoon.net', // 匹配域名 'ciphers' => 'HIGH:!SSLv2:!SSLv3', 'disable_compression' => true, ) ); */ $context = stream_context_create($contextOptions); $fp = stream_socket_client("ssl://{$host}:{$port}", $errno, $errstr, $timeout, STREAM_CLIENT_CO |
crx349 發(fā)表于 2022-8-10 16:21 你這一說,我發(fā)現(xiàn) 5.5 之后版本的php.ini都多了下面一節(jié),之前版本是沒有的 [openssl] ; The location of a Certificate Authority (CA) file on the local filesystem ; to use when verifying the identity of SSL/TLS peers. Most users should ; not specify a value for this directive as PHP will attempt to use the ; OS-managed cert stores in its absence. If specified, this value may still ; be overridden on a per-stream basis via the "cafile" SSL stream context ; option. ;openssl.cafile= ; If openssl.cafile is not specified or if the CA file is not found, the ; directory pointed to by openssl.capath is searched for a suitable ; certificate. This value must be a correctly hashed certificate directory. ; Most users should not specify a value for this directive as PHP will ; attempt to use the OS-managed cert stores in its absence. If specified, ; this value may still be overridden on a per-stream basis via the "capath" ; SSL stream context option. ;openssl.capath= |
| 不需要證書,跑偏了,我在 php 5.5 郵件系統(tǒng)是正常使用的,php 7.4 不行 |
關(guān)注公眾號
有償服務(wù)微信
有償服務(wù)QQ
手機(jī)版|小黑屋|Discuz! 官方交流社區(qū)
( 皖I(lǐng)CP備16010102號 |
皖公網(wǎng)安備34010302002376號 )|網(wǎng)站地圖|
GMT+8, 2025-9-20 00:18 , Processed in 0.104037 second(s), 35 queries .
Powered by Discuz! W1.0 Licensed
Copyright © 2001-2025 Discuz! Team.
