Am 23.12.21 00:51 schrieb Leo Unglaub: > Hey friends, > > i have a OpenBSD 7.0 server with all syspatches applied. On that server i > have setup httpd and PHP 7.4 running via PHP-FPM. I followed the readme > provided by the package and everything seams to be fine. > > There is only one issue when i try to establish a secure connection from PHP > to another server. (sending an email in this case via SMTP). I get the > following error: > > > PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code > > 1. OpenSSL Error messages: > > error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
My first guess ist that the chain is not correct and so the server's certificate cannot be validated. If you are sure that your PHP script connects to the right host then you can remove temporarily validation just to see if this will work. If so you should enable validation again and examine the chain on your mailserver. > (...) > But PHP is still unable to connect to that server. I ssh'ed into that server > and did the openssl s_client manually. Just to verify that everything works > as expected and it does: > > > openssl s_client -tls1_2 -connect mail.foobar.com:587 > > openssl s_client -tls1_3 -connect mail.foobar.com:587 (both 1.2 and 1.3 > > work) Use showcerts to see what is actually received: openssl s_client -showcerts -connect mail.foobar.com:587
