OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



TLS support

Are you responsible for making OCS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, michael, John

Forum rules
What to do if you have a technical problem with OCS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved. Please note that this FAQ is OJS-centric, but most issues are applicable to both platforms.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OCS Conference Support and Discussion subforum; if you have a development question, try the OCS Development subforum.

TLS support

Postby cristinaragon » Tue Nov 19, 2013 1:39 am

Hi all!

I´m trying to config OJS to send mails by secure port but I can´t achieve it.


I´ve test:

smtp = On

force_login_ssl = On

; SMTP server settings

smtp_server = tls://smtp.unirioja.es:587

; smtp_port = 587

; Enable SMTP authentication

; Supported mechanisms: PLAIN, LOGIN, CRAM-MD5, and DIGEST-MD5

smtp_auth = PLAIN

smtp_username = ojs@unirioja.es

smtp_password = *****



I´ve test the same as above but:

smtp_server = tls://smtp.unirioja.es

smtp_port = 587


But nothing happens. No logs, no errors.



I have test changing lib/pkp/classes/mail/SMTPMailer.inc.php:


/**

* Connect to the SMTP server.

* @return boolean

*/

function connect() {

// $this->socket = fsockopen($this->server, $this->port, $errno, $errstr, 30);

$this->socket = stream_socket_client($this->server, $errno, $errstr, 30);

if (!$this->socket)

return false;

return true;

}



And so:

$this->socket = fsockopen($this->server, $errno, $errstr, 30);



(with smtp_server = tls://smtp.unirioja.es:587 when tested without $this->port)



In both cases it appears a error log :


A.- ojs2 has produced an error\n Message: WARNING: stream_socket_client(): unable to connect to tls://smtp.unirioja.es:587 (php_network_getaddresses: getaddrinfo failed: Name or service not known )\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 165\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... 2Fmanagers



B.- ojs2 has produced an error\n Message: WARNING: fsockopen(): unable to connect to tls://smtp.unirioja.es:587 (php_network_getaddresses: getaddrinfo failed: Name or service not known )\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... %2Feditors




I have read at the first lines of SMTPMailer.inc.php:

* TODO: TLS support

But, If I read differents forums, it seems that someone has managed to send mail by secure port.

We have office365 and there is no alternative to the secure mail.

Am I doing something wrong or Am I trying to do anything that is not possible to be done?

Could anyone please write me some clues?

Thanks in advance!
Cristina
Last edited by cristinaragon on Thu Nov 28, 2013 4:04 am, edited 1 time in total.
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Tue Nov 19, 2013 8:49 am

Hi Cristina,

Check your phpinfo() output to make sure that OpenSSL and cURL support are available to PHP.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Thu Nov 21, 2013 8:19 am

Hi Alec,

I have enabled OpenSSL and cURL.

With phpinfo() I get:

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
OpenSSL Header Version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

curl

cURL support enabled
cURL Information 7.15.5
Age 2
Features
AsynchDNS No
Debug No
GSS-Negotiate Yes
IDN Yes
IPv6 Yes
Largefile Yes
NTLM Yes
SPNEGO No
SSL Yes
SSPI No
krb4 No
libz Yes
CharConv No
Protocols tftp, ftp, telnet, dict, ldap, http, file, https, ftps
Host i686-redhat-linux-gnu
SSL Version OpenSSL/0.9.8b
ZLib Version 1.2.3

Any clue? It´s possible to send mail with TLS support?
Thanks in advance!
Cristina
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Thu Nov 21, 2013 11:17 am

Hi Cristina,

That looks OK to me, yet it's not working on your server. I did a quick Google search for similar problems and some indicate that they are able to execute this successfully via CLI PHP but not through Apache, which I suspect is something like a SELinux rule. I'd suggest writing up a quick stand-alone test script that attempts to use fsockopen with the tls:// prefix to see if you can get it working without OJS being involved.

There is a note here indicating that tls:// is only available when OpenSSL is compiled into PHP, which may mean that using OpenSSL as a module doesn't result in tls:// being supported.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Fri Nov 22, 2013 1:17 am

Hi Alec,

I don´t understand you:

I´ve php compiled with openssl:

PHP Version 5.3.3


System Linux

Configure Command './configure' '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--without-sqlite' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--without-sqlite3' '--disable-phar' '--disable-fileinfo' '--disable-json' '--without-pspell' '--disable-wddx' '--without-curl' '--disable-posix' '--disable-sysvmsg' '--disable-sysvshm' '--disable-sysvsem'

Do you mean that it may be possible work with TLS and OJS or am I missundestanding you? :?:
Thanks!
Cristina
Last edited by cristinaragon on Thu Nov 28, 2013 4:05 am, edited 1 time in total.
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby cristinaragon » Fri Nov 22, 2013 1:26 am

Hi Alec,

I forgot tell you that we have another app in the same machine that sends secure mail with PHP. So, I think that there must be something concerning OJS programming.

In this other app that work with TLS we have this parameters:

$config['protocol']='sendmail';
$config['smtp_host']='smtp.unirioja.es';
$config['smtp_port']='587';

$config['smtp_crypto']='tls';
$config['smtp_timeout']='60';
$config['smtp_user'] = 'user@unirioja.es';
$config['smtp_pass'] = 'pass';
$config['charset']='utf-8';
$config['mailtype'] = 'html';

So I think that there must be something with OJS that doesn´t handle this kind of email on the right mode.
Thanks in advance,
Cristina
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Fri Nov 22, 2013 10:11 am

Hi Cristina,

In the configuration above, you're using...
Code: Select all
smtp_server = tls://smtp.unirioja.es:587
; smtp_port = 587
...which is definitely wrong; you can't specify the port number in the hostname. Un-comment the smtp_port entry and remove the port from the smtp_server entry.

If that's still not working, see if you can get access to the SMTP server error log. It may indicate why the message is being rejected.

We have many confirmations that TLS is working this way e.g. with gmail, so it may be that the mail server is rejecting it because of its content rather than its transport.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Mon Nov 25, 2013 12:50 am

Hi Alec,

So you tell me that I don´t have to rewrite nothing into lib/pkp/classes/mail/SMTPMailer.inc.php and that only with

smtp_server = tls://smtp.unirioja.es
smtp_port = 587

it should work, isn´t it?

I´m going to test it right now! (I think that I´ve test it before)

Thanks!
Cristina
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby cristinaragon » Mon Nov 25, 2013 1:54 am

Hi Alec,

The person who held the publications service has test OJS trying to mail twice but no mail has arrived.

Here is the error log output:

[Mon Nov 25 09:44:27 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... ople%2Fall
[Mon Nov 25 09:44:27 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): Failed to enable crypto\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... ople%2Fall
[Mon Nov 25 09:44:27 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): unable to connect to tls://smtp.unirioja.es:587 (Unknown error)\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... ople%2Fall
[Mon Nov 25 09:45:53 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: Cannot use a scalar value as an array\n In file: /web/servicios/sp/ojs-2.4.2/classes/journal/JournalSettingsDAO.inc.php\n At line: 82\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... n/journals
[Mon Nov 25 09:45:59 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: Cannot use a scalar value as an array\n In file: /web/servicios/sp/ojs-2.4.2/classes/journal/JournalSettingsDAO.inc.php\n At line: 82\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... jr/manager
[Mon Nov 25 09:46:16 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... 2Fmanagers
[Mon Nov 25 09:46:16 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): Failed to enable crypto\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... 2Fmanagers
[Mon Nov 25 09:46:16 2013] [error] [client 10.9.1.94] ojs2 has produced an error\n Message: WARNING: fsockopen(): unable to connect to tls://smtp.unirioja.es:587 (Unknown error)\n In file: /web/servicios/sp/ojs-2.4.2/lib/pkp/classes/mail/SMTPMailer.inc.php\n At line: 164\n Stacktrace: \n Server info:\n OS: Linux\n PHP Version: 5.3.3\n Apache Version: Apache\n DB Driver: mysql\n DB server version: 5.0.77-community-log, referer: http://publicaciones.unirioja.es/ojs-2. ... 2Fmanagers


Any other clue will be welcome!
Thanks Alec,
Cristina
Last edited by cristinaragon on Thu Nov 28, 2013 4:03 am, edited 1 time in total.
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby wellingtonwa » Mon Nov 25, 2013 1:02 pm

I have the same problem. I lost a day trying to figure out how to solve this problem, but until now nothing.
wellingtonwa
 
Posts: 1
Joined: Mon Nov 25, 2013 12:52 pm

Re: TLS support

Postby asmecher » Mon Nov 25, 2013 1:13 pm

Hi all,

The key appears to be the error message:
Code: Select all
WARNING: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

This seems to relate to the way a secure connection is negotiated: either before the connection is established, or afterwards. This appears to be the difference between ssl:// and tls://. See http://php.net/manual/en/transports.inet.php#95022.

You can test this outside of OJS/OCS/etc. by trying the following PHP script:
Code: Select all
<?php
$fp = fsockopen("tls://[hostname]", [portnumber], $errno, $errstr);
?>
...replacing [hostname] and [portnumber] with the relevant values.

Running this with the values you've given to OJS will result in the same error message. Before SMTP will work, you'll have to figure out what your server is expecting and get the fsockopen statement to work. (I suggest trying ssl:// instead of tls://, but that's an educated guess.)

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Thu Nov 28, 2013 2:53 am

Hi Alec,

I´ve test this script (pp.php):

<?php
$fp = fsockopen("tls://smtp.unirioja.es",587, $errno, $errstr);
?>

And this is the error log:
[Thu Nov 28 10:47:09 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:47:09 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): Failed to enable crypto in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:47:09 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): unable to connect to tls://smtp.unirioja.es:587 (Unknown error) in /web/servicios/sp/ojs-2.4.2/pp.php on line 2


Then I´ve tested this other mode:

<?php
$fp = fsockopen("ssl://[hostname]", [portnumber], $errno, $errstr);
?>

And this is the error log:
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): Failed to enable crypto in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): unable to connect to ssl://smtp.unirioja.es:587 (Unknown error) in /web/servicios/sp/ojs-2.4.2/pp.php on line 2

What can I do?
How can other app in the same machine with the same software (php, openssl, apache) send secure mail?

Thanks in advance!
Cristina
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Thu Nov 28, 2013 10:30 am

Hi Cristina,

I'm not sure how the other application is connecting -- is it a free/open source application?

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Fri Nov 29, 2013 4:06 am

Hi alec,

I attach the library of mail that sends the mail in our other app.
I have changed the extension of teh Email.php to Email.txt to be able to attach it.
Thanks!
Cristina
Attachments
Email.txt
(46.84 KiB) Downloaded 66 times
cristinaragon
 
Posts: 21
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Fri Nov 29, 2013 11:33 am

Hi Cristina,

That library appears to use the ssl:// prefix; see approx. line 1685:
Code: Select all
   if ($this->smtp_crypto == 'ssl')
      $ssl = 'ssl://';
      $this->_smtp_connect = fsockopen($ssl.$this->smtp_host,
                              $this->smtp_port,
                              $errno,
                              $errstr,
                              $this->smtp_timeout);
Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8419
Joined: Wed Aug 10, 2005 12:56 pm

Next

Return to OCS Technical Support

Who is online

Users browsing this forum: Bing [Bot] and 2 guests