On Fri, 2008-09-05 at 00:58 -0400, Robert Cummings wrote: > On Thu, 2008-09-04 at 23:20 -0400, Larry Brown wrote: > > I am having a ball of a time trying to figure this one out... If anyone > > has dealt with this before I'd love to get some morsels of wisdom from > > you... > > > > I am trying to connect to a postfix server I have set up remotely using > > smtp auth with tls. The postfix appears to be configured correctly at > > this point. I can telnet to port 25 and it will list tls as an option > > as the howto describes it should. I try to connect from php and get: > > > > PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL > > Error messages: > > error:1408F10B:SSL routines:func(143):reason(267) > > in /opt/scriptsMain/include/class.smtp.php on line 122 > > > > I've googled this and someone seems very knowledgeable about it yet > > describes the solution in a way that a mere mortal like myself can't > > follow. He states in part: > > > > "Look at the error message: > > error:1408F10B:SSL routines:func(143):reason(267) > > > > Take the reason code (267) and determine the error: > > grep 267 /usr/include/openssl/ssl.h > > /usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER > > 267 > > > > Now google for SSL_R_WRONG_VERSION_NUMBER..." > > > > ..."So in your server method configuration you must put: > > SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method()) > > to correctely analyse the first client_hello message > > instead of > > SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method()) > > which i suppose you did" > > > > So is he talking about modifying the source code in postfix and > > rebuilding it? Have any of you guys dealt with this?... > > > > By the way, when I started out I had a typo in the postfix > > config for the path to the certificates for ssl and was getting > > the same error message. It wasn't until I saw in the postfix > > mail log that it couldn't read the cert. So that was fixed but > > I continue to get the same message which I'm now thinking might > > be a red herring. > > Possibly a complete waste of your time... but maybe you need to > configure this setting: > > smtp_tls_mandatory_protocols > > http://www.postfix.org/postconf.5.html > > Cheers, > Rob. > -- OK. So I broke down and re-created my mail server due to its age. I am now running the latest sendmail and it is still failing. The message in the sendmail log is "...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" A little research is leading me to believe the client (php client script) opened the socket but didn't send anything. Now the certificate that I'm using for the server is a self signed certificate. Evolution asked if I wanted to accept the certificate when I first connected and I did. After which it worked fine. Is there a setting I must enable to accept unknown certificates when a site is first connected to? Any other ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
