Bug #24917
closed
encrypted SMTP: Requirement check missing
Added by Julian Hofmann almost 14 years ago.
Updated almost 14 years ago.
Description
There is no check, if the environment supports encryption. In t3lib_mail_Mailer $useEncryption is directly taken out of $GLOBALS['TYPO3_CONF_VARS']['MAIL']. Without proper openSSL, this results in an error:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: Connection could not be established with host example.com [Unable to find the socket transport "tls" - did you forget to enable it when you configured PHP? #5] | Swift_TransportException thrown in file /var/www/id1234/files/typo3_src-4.5.0/typo3/contrib/swiftmailer/classes/Swift/Transport/StreamBuffer.php in line 235
For SSL or TLS encryption to work, PHP installations must have appropriate OpenSSL transports wrappers. You can check if "tls" and/or "ssl" are present in your PHP installation by using the PHP function stream_get_transports().
Old:
$useEncryption = ($mailSettings['transport_smtp_encrypt'] ? TRUE : FALSE);
New:
if (in_array('tls', stream_get_transports())) {
$useEncryption = ($mailSettings['transport_smtp_encrypt'] ? TRUE : FALSE);
}
(issue imported from #M17432)
Hi Julian, thanks for your report!
I disagree. We must not silently fall back to plain-text, if tls is not available. Throwing an Exception is IMHO the correct way (how should you notice otherwise?).
It might be that the Exception text could be improved and point to the value of transport_smtp_encrypt. So we <em>could</em> check, if tls stream transport is available and otherwise fail with an own Exception. However, this puts more logic from the 3rd party library into our own SwiftMailer adapter. Imagine that SwiftMailer might support other ways to encrypt the SMTP session than using the tls stream wrapper in future versions. So our check would have to be kept in sync. Therefore I'm more for keeping it, as it is.
But I leave the decision up to Ernesto and Jigal, which are more into this topic.
Greets over to 1km beeline :)
Steffen
I agree with Steffen. The exception is the "way to go" to make it clear that it doesn't work.
Small improvements ("nice to have") I could think of would be:
1) Catching that exception and throwing our own Exception with a message pointing to the "transport_smtp_encrypt" setting in the Install Tool.
2) Improve the wording of the transport_smtp_encrypt setting in the install tool to be more precise about the requirements. Currently it says: "Connect to the server using encryption and TLS. Requires openssl library."
If anyone comes up with patches and RFC for 1 and 2, we might include that in 4.5.x even.
For "future Install Tools" the requirement checks could / should be done right after saving the "All Configuration" page (currently they are stored "as is"). But this will probably only be possible after the Install Tool has been completely refactored, a project for 4.6, but unclear if someone will do it.
1) As the Exception is not a "SwiftMailer_TransportNoOpenSSL_Exception", but a generic "Swift_TransportException", we can't catch it and tell the uer that no OpenSSL is availabe, as it probably gets thrown also in other places.
2) It alread states "Requires openssl library". So, what else..? Only the "encryption and TLS" sounds a bit weird.
So I tend to close this with "no change required". Okay?
1) agreed
2) I thought the PHP module was called "tls". But indeed its "openssl" which provides these streams (tls, ssl...).
So +1 on closing. Done.
Also available in: Atom
PDF
Updated by 
Updated by