在向 google 帐户发送电子邮件之前,我的脚本查找了 google 电子邮件服务器的 MX 记录。结果是:
gmail-smtp-in.l.google.com
alt1.gmail-smtp-in.l.google.com
alt2.gmail-smtp-in.l.google.com
alt3.gmail-smtp-in.l.google.com
alt4.gmail-smtp-in.l.google.com
然后我成功连接到gmail-smtp-in.l.google.com
并在EHLO
我开始STARTTLS
请求切换到 SSL 之后。但是,我将脚本设置为检查并确保证书中列出的主机也与我正在连接的域匹配。
stream_context_set_option($fh, 'ssl', 'CN_match', 'gmail-smtp-in.l.google.com`);
然而,这就是事情破裂的地方。我收到以下错误:
stream_socket_enable_crypto(): Peer certificate CN='mx.google.com' did not match expected CN='gmail-smtp-in.l.google.com'
我检查了nslookup mx.google.com
它的位置,发现它不存在。
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find mx.google.com: NXDOMAIN
为什么 SSL 证书与使用它的域不匹配?我错过了什么吗?
以下是我的脚本从他们那里收到的证书。
Array
(
[name] => /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
[subject] => Array
(
[C] => US
[ST] => California
[L] => Mountain View
[O] => Google Inc
[CN] => mx.google.com
)
[hash] => fbf7dda6
[issuer] => Array
(
[C] => US
[O] => Google Inc
[CN] => Google Internet Authority
)
[version] => 2
[serialNumber] => 280762463620984597407910
[validFrom] => 120912115656Z
[validTo] => 130607194327Z
[validFrom_time_t] => 1347451016
[validTo_time_t] => 1370634207
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] =>
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] =>
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] =>
[2] => nssslserver
)
[4] => Array
(
[0] =>
[1] =>
[2] => smimesign
)
[5] => Array
(
[0] =>
[1] =>
[2] => smimeencrypt
)
[6] => Array
(
[0] => 1
[1] =>
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] =>
[2] => ocsphelper
)
)
[extensions] => Array
(
[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
[subjectKeyIdentifier] => 69:B3:67:5C:04:7F:16:EF:C1:85:FB:E8:2D:E4:FC:21:E9:7D:93:AF
[authorityKeyIdentifier] => keyid:BF:C0:30:EB:F5:43:11:3E:67:BA:9E:91:FB:FC:6A:DA:E3:6B:12:24
[crlDistributionPoints] => URI:http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crl
[authorityInfoAccess] => CA Issuers - URI:http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crt
[basicConstraints] => CA:FALSE
[subjectAltName] => DNS:mx.google.com
)
)