It is a fairly good possibility that your errors are happening due to your anti-virus software. (I’m assuming you are running anti-virus software.)
I get your first reported error when running AntiVirus free. When I temporarily turn it off the email works fine.
It appears the anti-virus software has a negative effect when cake attempts to verify the TLS server certificate.
My problem seems solved, question is if it’s a typical ‘AntiVirus free / Gmail’ issue or a generic ‘anti-virus software / Gmail’ issue? Because mail using my hoster isn’t a problem, it doesn’t seem a generic antivirus free issue.
And how bad is it to disable the scanning of the outbound mail? I guess that there’s a bigger risk now that I’m spreading viruses? Maybe just using the Windows virus scanner is enough nowadays (I’m using antivirus free out of habit I think)?
Ok. This ‘certificate’ stuff is a career in itself. It wouldn’t leave you much time for app development.
However, this is my understanding of the problem along with a solution. Note, this is my understanding, it may not be completely accurate.
AVG installs a self signed certificate into your web browser so that it can become the middle man in web/email traffic. This is how it is able to scan your web and email data for viruses.
This works for web requests and ‘normal’ email clients because your browser has this self signed certificate to verify credentials against. Most browsers have the option to view the certificates that are installed. If you look you will see the AVG one.
Problem is PHP does not, by default, allow self signed certificates - hence the error messages.
To configure your email transports to allow self signed certificates add:

    'context' => [
        'ssl' => [
            'verify_peer' => false,
            'verify_peer_name' => false,
            'allow_self_signed' => true,
        ],
    ],

to the transport configurations in config/app.php.
You will then notice that any emails sent have the:
‘This email has been checked for viruses by AVG.’ https://www.avg.com
I’m not totally sure what the security implications of doing this are but hope to find out with further investigation.
If you comment out

    // 'verify_peer_name' => false,
    // 'allow_self_signed' => true

the emails are still sent ok after being scanned by AVG.
So it appears that

    'verify_peer' => false,

is the line that allows the emails to work.
Online comments about this indicate that this line stops the certificate(s) being verified !!!
Don’t like the sound of this. I think I would rather have AVG not scan the email for viruses than do away with certificate security.
If your hoster is using SMTP then it’s using the same protocol as Gmail. What is almost certainly different is how authentication is carried out before you are allowed to send and whether a ‘middle man’ certificate is inserted into the process to scan sent emails… What port is your hoster using to send emails (25)?
But at least you have a choice what risk to take :). Suppose sending 10.000 mails with your standard e-mail client and sending 10 mails with a CakePHP app.
Keep wondering if this is just an AVG issue, I will purge the AVG and use the Windows virus scanner instead.
Yes, but I realized I don’t have to state 'tls' => true. So it’s not using TLS I guess, and according to the error message you received (‘tls_process_server_certificate:certificate verify failed’) it’s in the TLS.
Default Windows 10 virus detection doesn’t give a problem, so I’ll stick to that. No idea how much the risk of receiving/sending viruses rises, whether Microsoft uses those self signed certificates, it’s far beyond my knowledge. Hope there is still a basic protection.
So, bad idea after all. Appears I’m using apps that will not work with the Google-account set to accept less secure apps. When set to accept only secure apps, I get errors, as expected (password errors).
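
The thread narrows the workaround down to `'verify_peer' => false`, which turns certificate verification off. As an added example (not code from any poster or from CakePHP), this config/app.php fragment puts that setting beside a variant that keeps verification on and trusts the scanner's root certificate through PHP's `cafile` SSL context option. The transport names, host, port, credentials and file path are assumptions, as is the premise that the scanner re-signs the connection with a root certificate that can be exported as PEM.

```php
<?php
// config/app.php (fragment). Added example: transport names, host, port,
// credentials and the CA file path are placeholders, not values from the thread.
return [
    'EmailTransport' => [
        // Workaround as posted in the thread. With verify_peer off, PHP accepts
        // whatever certificate the other end presents, so the local scanner and
        // any other interceptor on the network path look identical to the app.
        'gmail_unverified' => [
            'className' => 'Smtp',
            'host' => 'smtp.gmail.com',
            'port' => 587,
            'username' => 'user@example.com',
            'password' => 'app-password-placeholder',
            'tls' => true,
            'context' => [
                'ssl' => [
                    'verify_peer' => false,
                    'verify_peer_name' => false,
                    'allow_self_signed' => true,
                ],
            ],
        ],
        // Verification stays on. The only change is the trust store: a PEM file
        // holding the regular CA bundle plus the scanner's exported root
        // (assumption: the scanner signs intercepted connections with that root).
        // A certificate signed by anything else still fails the handshake.
        'gmail_verified' => [
            'className' => 'Smtp',
            'host' => 'smtp.gmail.com',
            'port' => 587,
            'username' => 'user@example.com',
            'password' => 'app-password-placeholder',
            'tls' => true,
            'context' => [
                'ssl' => [
                    'verify_peer' => true,
                    'verify_peer_name' => true,
                    'allow_self_signed' => false,
                    'cafile' => '/path/to/ca-bundle-plus-scanner-root.pem',
                ],
            ],
        ],
    ],
];
```

Excluding outbound mail from the scanner, or removing the scanner as described in the thread, needs neither profile: the default verification settings then see the mail server's own certificate.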