I was using IP-1.4.10 using php 5.5 before I upgraded to IP-1.5 using php 7.0.
When I try to send an email I get the following errors:
browser error message:
It seems that the application stuck because of an error.
THEN:
This site can’t be reached
The web page at https://.co.uk/index.php/mailer/send_invoice/130 might be temporarily down or it may have moved permanently to a new web address.
ERR_SPDY_PROTOCOL_ERROR
@Kovah I think there is an issue with the SMTP connection to the mail server. Logs following…
Scenario 1
IP 1.5.4 - PHP7 - Mozilla Firefox - IP runs on Server1 and email server runs on Server2
System Settings > Email > Email Sending Method: SMTP
System Settings > Email > Security SSL
System Settings > Email > Verify SMTP certificates: Yes
Client approves quote, system tries to send email, browser not stuck, email NOT sent! Log at Email Server [Server2]: 2017-10-12 16:58:58 TLS error on connection from Server1 [1.2.3.4] (gnutls_handshake): An unexpected TLS packet was received.
Scenario 2
IP 1.5.4 - PHP7 - Mozilla Firefox - IP runs on Server1 and email server runs on Server2
System Settings > Email > Email Sending Method: SMTP
System Settings > Email > Security TLS
System Settings > Email > Verify SMTP certificates: Yes
Client approves quote, system tries to send email, browser stuck for some time and then Connection timed out error at browser, email NOT sent! Log at Email Server [Server2]: 2017-10-12 16:46:20 TLS error on connection from Server1 [1.2.3.4] (gnutls_handshake): An unexpected TLS packet was received.
I can reproduce those issues 100% of the times. It seems that something was changed in the TLS/SSL handshake part that is causing these issues.
Please note that in my case (at least) I can’t use PHPmail or Sendmail, so in essence there is no email functionality
Message me or quote me in this thread if you want me to perform more tests.
Are you using “localhost” as your SMTP serve namer in InvoicePlane? If so, that’s why you need to change the "Verify SMTP Certificates" to no. If you are not using an FQDN for the mail server name, a TLS error occurs when the certificates are checked (localhost != host.domain.com). This is causes a gnutls_handshake error. If you want to verify TLS certificates, the common name must match the connected hostname. It isn’t a bug, that’s how TLS Veritifcation works.
The same thing occurs with a web site, eg. ‘mysite.domain.com’ when you access it by IP address. You get an “untrusted certificate” warning, even though the certificate is valid.
This is not the problem in my case, in which the mail server runs on a different machine. And to clarify a bit more, I’m accessing the mail server (SMTP settings) using FQDN. The mail server has both Forward and Reverse DNS lookup name and the certificate matches this name ofc.
There is chance though for something else, which I didn’t have the time to check yet. If the server’s certificate chain is not complete (i.e. doesn’t have the intermediate certificate from the CA), IP might not be able to verify the whole chain up to the CA.
That seems likely, as that would also cause a gnutls verification failure. Unfortunately, the sensibility of the debug output from gnutls doesn’t match the verbosity!
In reality, if you’re using authenticated SMTP and you control both hosts, your chain of trust isn’t as important is it would be when using a third party’s server. You know you can trust the server you’re connecting to. Obviously, however, this could be a problem for other servers connecting to your host as the level of security increases across the world.
I can confirm that -in my case at least- the problem was with incomplete certificate chain on the mail server.
I have a test installation of IP, so I spent some time just to test this. After completing the certificate chain on the mail server, the problem disappeared
