Resolves Issue #986 - Turn off opportunistic TLS when disabled. (#987)

This ensures that when you have disabled 'secure' in your mail config no TLS attempts are ... attempted.
userfrosting · Jun 13, 2019 · d1221b9 · d1221b9
1 parent 4739a54
commit d1221b9
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/app/sprinkles/core/config/default.php b/app/sprinkles/core/config/default.php
@@ -211,7 +211,7 @@
             'host'            => getenv('SMTP_HOST') ?: null,
             'port'            => 587,
             'auth'            => true,
-            'secure'          => 'tls',
+            'secure'          => 'tls', // Enable TLS encryption. Set to `tls`, `ssl` or `false` (to disabled)
             'username'        => getenv('SMTP_USER') ?: null,
             'password'        => getenv('SMTP_PASSWORD') ?: null,
             'smtp_debug'      => 4,

diff --git a/app/sprinkles/core/src/Mail/Mailer.php b/app/sprinkles/core/src/Mail/Mailer.php
@@ -67,6 +67,13 @@ public function __construct($logger, $config = [])
                 $this->phpMailer->Password = $config['password'];
                 $this->phpMailer->SMTPDebug = $config['smtp_debug'];
 
+                // Disable opportunistic encryption if secure is unset. This is
+                // required if you have an incorrect or invalid SSL Certificate on
+                // your SMTP host, but the server offers STARTTLS.
+                if (!$config['secure']) {
+                    $this->phpMailer->SMTPAutoTLS = false;
+                }
+
                 if (isset($config['smtp_options'])) {
                     $this->phpMailer->SMTPOptions = $config['smtp_options'];
                 }