


TLS support


Re: TLS support

Postby cristinaragon » Thu Dec 05, 2013 2:55 am

Hi Alec,

Yes, they do an SSL connection, but if I configure OJS to do an SSL connection it doesn't work.

So, when I exec

<?php
$fp = fsockopen("ssl://[hostname]", [portnumber], $errno, $errstr);
?>

this is the error log:
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): Failed to enable crypto in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): unable to connect to ssl://smtp.unirioja.es:587 (Unknown error) in /web/servicios/sp/ojs-2.4.2/pp.php on line 2

This can be because they do something to enable crypto and OJS only makes the call fsockopen("ssl://[hostname]", [portnumber], $errno, $errstr) (I'm speaking without knowledge of the OJS library) ...

Thanks!
Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Thu Dec 05, 2013 12:37 pm

Hi Cristina,

Fundamentally the two libraries make use of the same approach to sending via SMTP: they both use fsockopen, and they both allow the ssl:// prefix to be passed to fsockopen to permit encryption. There are differences in implementation, e.g. the library you attached uses stream_socket_enable_crypto and uses the "starttls" SMTP command to enable TLS.

In the current master branch of OJS and the pkp-lib shared library, we've swapped out our own implementation of SMTP in favour of a 3rd-party one that likely has smoother support for TLS. The bug entry is http://pkp.sfu.ca/bugzilla/show_bug.cgi?id=7980 and it should be possible to back-port these changes to the stable 2.4.x branch if you're handy with PHP.

However, the thing that's not making sense to me is that those adaptations for TLS (stream_socket_enable_crypto etc.) happen after the connection is established, and you can see from your attempt to execute fsockopen in a one-line test script that it's not even getting that far before it hits an error message. So something else is happening here.

Looking at the configuration you quoted for the other application, you're using "protocol=sendmail", not "protocol=smtp" -- so I suspect you're not even using the SMTP hostname and authentication information configured there. It looks like that application is sending via a local sendmail client rather than the remote server you've configured.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Wed Dec 18, 2013 4:31 am

Hi Alec,

(I've been out).

As I told you, I've tested the ssl protocol with this script:

<?php
$fp = fsockopen("ssl://[hostname]", [portnumber], $errno, $errstr);
?>

but it didn't work.

And this was the error log:
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): Failed to enable crypto in /web/servicios/sp/ojs-2.4.2/pp.php on line 2
[Thu Nov 28 10:49:43 2013] [error] [client 10.253.1.16] PHP Warning: fsockopen(): unable to connect to ssl://smtp.unirioja.es:587 (Unknown error) in /web/servicios/sp/ojs-2.4.2/pp.php on line 2

Any other idea will be welcome!
Thanks!
Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Wed Dec 18, 2013 10:05 am

Hi Cristina,

Yes, but your other application is not working with TLS either, as it's configured for sendmail instead of smtp. Can you confirm that the other application is able to work with TLS?

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Tue Feb 25, 2014 2:15 am

Hi Alec,

After a rest period we return to this issue.

The library of the other app not only tries to use SSL but also takes into account whether TLS is specified: (lines 1673 -- 1707)

-----------------------------------------------

/**
 * SMTP Connect
 *
 * @access protected
 * @param string
 * @return string
 */
protected function _smtp_connect()
{
    $ssl = NULL;
    if ($this->smtp_crypto == 'ssl')
        $ssl = 'ssl://';
    $this->_smtp_connect = fsockopen($ssl.$this->smtp_host,
                                     $this->smtp_port,
                                     $errno,
                                     $errstr,
                                     $this->smtp_timeout);

    if ( ! is_resource($this->_smtp_connect))
    {
        $this->_set_error_message('lang:email_smtp_error', $errno." ".$errstr);
        return FALSE;
    }

    $this->_set_error_message($this->_get_smtp_data());

    if ($this->smtp_crypto == 'tls')
    {
        $this->_send_command('hello');
        $this->_send_command('starttls');
        stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    }

    return $this->_send_command('hello');
}

----------------------------------------------------------

In any case, in your opinion, what would be the configuration of OJS for sending secure mail? I'm lost after so much time and so many messages. (We have Office 365 as our Exchange mail server).


Thanks!

Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am
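
The distinction this thread turns on, implicit TLS via the ssl:// prefix versus STARTTLS followed by stream_socket_enable_crypto, shown as an added example that is not part of the thread, OJS, or the quoted library. The function names are illustrative, and the host and port are whatever the caller supplies. Unlike the quoted _smtp_connect(), it checks that STARTTLS is advertised, checks the result of the TLS upgrade, and verifies the server certificate.

```php
<?php
// Added example; function names are illustrative, host/port come from the caller.
/** Read one SMTP reply (possibly multi-line); returns [code, text lines]. */
function smtp_read_reply($fp): array {
    $lines = [];
    while (($line = fgets($fp, 1024)) !== false) {
        $lines[] = rtrim((string) substr($line, 4));
        // "250-TEXT" continues the reply; "250 TEXT" is its last line.
        if (strlen($line) < 4 || $line[3] !== '-') {
            return [(int) substr($line, 0, 3), $lines];
        }
    }
    throw new RuntimeException('no complete reply (connection closed or timed out)');
}

/** Send $cmd (null = just read the greeting) and require reply code $expect. */
function smtp_expect($fp, ?string $cmd, int $expect): array {
    if ($cmd !== null) fwrite($fp, $cmd . "\r\n");
    [$code, $lines] = smtp_read_reply($fp);
    if ($code !== $expect) {
        throw new RuntimeException(($cmd ?? 'greeting') . ": expected $expect, got $code");
    }
    return $lines;
}

function smtp_starttls(string $host, int $port = 587, int $timeout = 10) {
    // Verify the certificate chain and host name rather than trusting any peer.
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $host,
    ]]);
    // Connect in cleartext: a STARTTLS port greets with a plaintext "220" line.
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errno $errstr");
    }
    $helo = 'EHLO ' . (gethostname() ?: 'localhost');
    smtp_expect($fp, null, 220);
    if (!preg_grep('/^STARTTLS$/i', smtp_expect($fp, $helo, 250))) {
        throw new RuntimeException('server does not advertise STARTTLS');
    }
    smtp_expect($fp, 'STARTTLS', 220);
    // true = success, false = failure, 0 = incomplete (non-blocking streams).
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS failed; not continuing in cleartext');
    }
    smtp_expect($fp, $helo, 250); // capabilities must be re-read after TLS
    return $fp;
}
```

An ssl:// connect, by contrast, starts the TLS handshake with the first byte, so it only succeeds against a port that speaks TLS immediately rather than one that opens with a cleartext greeting.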

Re: TLS support

Postby asmecher » Tue Feb 25, 2014 8:57 am

Hi Cristina,

In your other application, you have...
$config['protocol']='sendmail';
When sending an email, the code runs the _spool_email() function, which will call a number of functions depending on what protocol is configured.

Because you've configured sendmail (as opposed to smtp), the TLS and SSL configuration is never used. Sendmail is a local delivery alternative to SMTP and doesn't support SMTP or TLS at this stage of delivery.

I'd suggest trying the other application with...
$config['protocol']='smtp';
...to see whether it is able to deliver via TLS. This will give us a data point that will be useful in figuring out whether the OJS code is the problem, as opposed to the mail configuration.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Wed Feb 26, 2014 2:49 am

Hi Alec,

I'm going to talk with the person who leads the other app to see if they don't mind changing it, to see if the problem is in the protocol.
Thanks!

Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby cristinaragon » Wed Feb 26, 2014 2:59 am

Hi again,

And if I try to change the protocol in OJS? Will it work?
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Wed Feb 26, 2014 9:11 am

Hi Cristina,

I'm not certain, but I suspect the other application will have the same trouble, which would suggest that your mail server is behaving unusually or isn't set up to handle SMTP via TLS.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Thu Feb 27, 2014 8:33 am

Hi Alec,

But will OJS work with secure sendmail? I'm going to test it (the other app seems to be working well) with these params:

config.inc.php:
------------------------------------------------
; Use SMTP for sending mail instead of mail()
smtp = Off

;force_login_ssl = On

; SMTP server settings
smtp_server = tls://smtp.office365.com
smtp_port = 587
; Enable SMTP authentication
; Supported mechanisms: PLAIN, LOGIN, CRAM-MD5, and DIGEST-MD5
smtp_auth = PLAIN

smtp_username = ojs@unirioja.es
smtp_password = *******

; Allow envelope sender to be specified
; (may not be possible with some server configurations)

allow_envelope_sender = On
------------------------------------------------

And

lib/pkp/classes/mail/SMTPMailer.inc.php:

------------------------------------------------
/**
 * Constructor.
 */
function SMTPMailer() {
    $this->server = Config::getVar('email', 'smtp_server');
    $this->port = Config::getVar('email', 'smtp_port');
    $this->auth = Config::getVar('email', 'smtp_auth');
    $this->username = Config::getVar('email', 'smtp_username');
    $this->password = Config::getVar('email', 'smtp_password');
    if (!$this->server)
        $this->server = 'smtp.office365.com';
    if (!$this->port)
        $this->port = 587;
}


------------------------------------------------

I guess the second modification/configuration is not required because it will take those values from config.inc.php, isn't it?

I keep researching.

Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby cristinaragon » Thu Feb 27, 2014 8:55 am

Hi Alec,

I can assure you that the other application and CGIs that are in the same machine work well sending mail with TLS. :-(

Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am

Re: TLS support

Postby asmecher » Thu Feb 27, 2014 9:09 am

Hi Cristina,

As described above, if you configure your other application to deliver via sendmail, it will not use your TLS/SSL configuration parameters. Likewise, if you configure OJS with "smtp = Off", it will not use the username/password and hostname you supply. The two delivery methods are mutually exclusive.

Your other application is currently configured to deliver using Sendmail, not SMTP. The SMTP configuration you've given it is not being used.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm

Re: TLS support

Postby cristinaragon » Fri Feb 28, 2014 4:15 am

Hi Alec,

Everything is very strange.

In our machine we cannot send messages over port 25 (it's closed). So I supposed that all messages that are being sent from any place (PHP app, CGIs, etc.) were sent through port 587 with user/pass for authentication regardless of whether the protocol is smtp or sendmail.

I have to wait for Monday to talk with our postmaster.

Thanks for your patience!

Cristina
cristinaragon
 
Posts: 16
Joined: Mon Feb 04, 2013 2:45 am
