Warning: stream_socket_enable_crypto(): SSL operation failed with code 1

Question

I have a problem with CSCart, it fails sending mail via google account. To check if there is a problem in server config or in CSCart's scripts I installed clean library PHPMailer and tried to send test message using example script. Result is the same:

Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in [script path]/class.smtp.php on line 338    

OpenSSL connection from console works good.

FreeBSD 10.0, Apache24, php5.6.

I could not find any information in google and for now I even do not know in which config file to search the issue root.

Answer 1

This is due to the new verify-by-default policy in PHP 5.6. It's not set in php.ini; it's an option you an provide to fopen wrappers or stream contexts. Have a look at the options here, especially verify_peer. PHPMailer allows you to set these params during the smtpConnect() method, but there is no option to pass options into the smtpSend() method, so you will need to subclass PHPMailer to get at that.

You may find the alternative simpler - don't try to use a self-signed or unverifiable certificate.

Answer 2

There is a lot of configs that makes this error come up, but more often it is that your system's configuration is not set up properly. To do it correctly, follow this:

1. Check if you have cacert.pem file for OPENSSL or not. If you don't, download proper version from of cacert.pem according to your php version and config your php.ini file as "2"

2. If you have this file then you have to lookup inside of your php.ini file and see if it has been set in it or not. To do so: lookup for line:

   openssl.cafile ="example address..\cacert.pem"

If you find the line with an specific address, look for cacert.pem file in that address, if you find it, than it is all done with cacert.pem file. Else, you should use the correct address.