ownCloud cannot send e-mail using my institution smtp due to problems with the SSL certificate


Hi guys!

I am trying to configure the mail in ownCloud using my institution smtp server. The problem is that this server has a "strange" SSL certificate that is causing me the following problem when I try to send an e-mail:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed at /home/owncloud/owncloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#95

I saw that I needed to add the certificate to the trusted certificates. I did this by using openssl to download the certificate from smtp server, copying to /etc/pki/trust/anchors/ and running update-ca-certificates. After that, the message was changed to:

stream_socket_enable_crypto(): Peer certificate CN=`pat****' did not match expected CN=`smtp1.*****************' at /home/owncloud/owncloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#95

I know that this seems a problem with the certificate itself, but I cannot fix it and it probably will not be fixed anytime soon. Hence, I am looking for a workaround. The only thing that I could do to make this work is described in https://github.com/swiftmailer/swiftmailer/issues/544

I needed to add the lines:

$options['ssl']['verify_peer'] = FALSE;
$options['ssl']['verify_peer_name'] = FALSE;

To the function _establishSocketConnection() in owncloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php. After that, ownCloud could send e-mails correctly.

However, this seems a very big hack to me. I will need to handle it at every ownCloud (swiftmailer) update. Hence, I am wondering if there are a better way to accomplish that. I am aware of the problems I can face by setting verity_peer and verify_peer_name to false. But this is my only option.

Ronan Arraes


Well, it turns out that since I added the certificate to the database, I only need the option:

$options['ssl']['verify_peer_name'] = FALSE;

But the problem continues. I still need to hack swiftmailer code in order to make it work.



thats probably your only option if you can't effort to provide a correct configured / created certificate.