Allow SMTP servers with self-signed certificates

Open on Drupal.org →

Created on 23 July 2019, almost 5 years ago

Updated 8 July 2023, 12 months ago

Hi,

For a few times I've had to deal with clients that have badly configured SMTP servers, and I don't have any power over it, so I have to use the server/accounts that they provide to me.

The most of the times, the main problem is servers that have self-signed certificates, and this module doesn't have any option to allow it to make connections to those kinds of servers.

I took a look at the module, and I found that it uses fsockopen() ( https://www.php.net/manual/en/function.fsockopen.php ) to create the socket to the SMTP server ( https://git.drupalcode.org/project/smtp/blob/8.x-1.0-beta4/src/PHPMailer... ). So I changed it to use stream_socket_client() ( https://www.php.net/manual/en/function.stream-socket-client.php ) that has the same arguments as the fsockopen(), but has an extra argument that is the $context.

Creating a $context like this, allows us to connect to servers with self signed certificates.

$options = [
    'ssl' => [
        'verify_peer_name' => false,
        'verify_peer'      => false,
        'allow_self_signed' => true,
    ]
];

$context = stream_context_create($options);

So what I've changed, is:

* Added a new checkbox to the module configuration form, called smtp_self_signed. With a warning telling people to enable it only if they know what they are doing;
* Added the same variable to smtp.settings.yml and smtp.schema.yml;
* Added the glue needed to pass the new option from the form to the PHPMailer.php and SMTP.php files;
* Using stream_socket_client() instead of fsockopen() to create the connection;
* When smtp_self_signed is set to True, create a context that allows connections to servers with self-signed certificates;

The attached patch is based on the latest branch "8.x-1.x" on git. This is my first time submitting a patch to add a new feature to a Drupal module, so be gentle ;-)

Regards,
Pedro de Oliveira @ Javali

✨ Feature request

Status

Needs work

Version

1.0

Component

Code

Created by

🇵🇹Portugal falsovsky

Live updates comments and jobs are added and updated live.

Incomplete comments

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
🇪🇸Spain agusfernandezg9
Following this topic, we needed to add a CA certificate to the SMTP configuration.
We added 2 options to be able to set up your custom CA certificate file, for this, we've created 2 extra fields.
1- Self-signed certificate, it's a boolean to determine if you need a custom certificate or not.
2- Certificate File, it's the certificate file itself.
Comment about 1 year ago →
🇪🇸Spain agusfernandezg9
There was a missing field on the submit method, so I've re-added so now the value it's been stored.
Comment about 1 year ago →
🇨🇺Cuba ramonma1989
I used #10 ✨ Allow SMTP servers with self-signed certificates Needs work with smtp 8.x-1.2, it worked for me, thanks.
Status changed to Needs work about 1 year ago7:01pm 21 June 2023
Comment about 1 year ago →
🇺🇸United States japerry KVUO
Moving back to needs work. I think the feature, very unfortunately, should exist... but the patch needs some work, specifically around managing the configuration.
Comment 12 months ago →
🇩🇪Germany TomSaw Essen
#10 works for me with a bad uggly singed certificate using (latest) Drupal 10.1.1
Thanks to everyone involved!

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024