SMTP self signed certificate

[shreyasajj]

I have a self signed certificate self hosted smtp client. I am not sure how to allow connection as the logs say bad tls connection. Is there an option to choose not verify tls certificate?

[fisharebest]

Edit this file, and add this line at the point indicated.

$transport->setStreamOptions(['ssl' => ['allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false]]);

https://github.com/fisharebest/webtrees/blob/66fffb9351751d07477bf061bb3e3c0ae1aa12a0/app/Services/EmailService.php#L166

This should disable the checks. From a security perspective, I'm not sure this is a sensible course of action. I don't think it should be added to the core code.

AFAICT, it is better to add a root CA to your server, and use the root CA to sign your certificate.

If this solution works (I haven't tested it), then it is simple to create a module to provide this functionality.

Use the example module as a base - i.e. copy from https://github.com/webtrees/example-module

Next, create your own modified version of the EmailService class:

class MyEmailService extends MailService {
  protected function transport(): TransportInterface {
    $transport = parent::transport();
    $transport->setStreamOptions(['ssl' => ['allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false]]);
    return $transport;
  }
}

Finally, register your new service by adding this function to your module.

  public function boot() {
    Webtrees::set(EmailService::class, MyEmailService::class);
  }

[shreyasajj]

$transport->setStreamOptions(['ssl' => ['allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false]]);

It came back with 500

[fisharebest]

https://webtrees.net/faq/500/

[fisharebest]

Did you find the error message for this 500 error?

[shreyasajj]

Sorry went out for the weekend, let get back to you by tmrw

[fisharebest]

I think I have given you all the help you need. If you still have problems, open a new issue for it.