[Mailer] simplified the way TLS/SSL/StartTls work

Author: fabpot

CHANGELOG.md

@@ -4,6 +4,9 @@ CHANGELOG
 4.4.0
 -----
 
+ * STARTTLS cannot be enabled anymore (it is used automatically if TLS is disabled and the server supports STARTTLS)
+ * [BC BREAK] Removed the `encryption` DSN option (use `smtps` instead)
+ * Added support for the `smtps` protocol (does the same as using `smtp` and port `465`)
  * Added PHPUnit constraints
  * Added `MessageDataCollector`
  * Added `MessageEvents` and `MessageLoggerListener` to allow collecting sent emails

Test/TransportFactoryTestCase.php

@@ -69,7 +69,7 @@ public function testCreate(Dsn $dsn, TransportInterface $transport): void
         $factory = $this->getFactory();
 
         $this->assertEquals($transport, $factory->create($dsn));
-        if ('smtp' !== $dsn->getScheme()) {
+        if ('smtp' !== $dsn->getScheme() && 'smtps' !== $dsn->getScheme()) {
             $this->assertStringMatchesFormat($dsn->getScheme().'://%S'.$dsn->getHost().'%S', $transport->getName());
         }
     }

Tests/Transport/Smtp/EsmtpTransportFactoryTest.php

@@ -22,6 +22,11 @@ public function supportsProvider(): iterable
             true,
         ];
 
+        yield [
+            new Dsn('smtps', 'example.com'),
+            true,
+        ];
+
         yield [
             new Dsn('api', 'example.com'),
             false,
@@ -33,19 +38,33 @@ public function createProvider(): iterable
         $eventDispatcher = $this->getDispatcher();
         $logger = $this->getLogger();
 
-        $transport = new EsmtpTransport('example.com', 25, null, null, $eventDispatcher, $logger);
+        $transport = new EsmtpTransport('localhost', 25, false, null, $eventDispatcher, $logger);
 
         yield [
-            new Dsn('smtp', 'example.com'),
+            new Dsn('smtp', 'localhost'),
             $transport,
         ];
 
-        $transport = new EsmtpTransport('example.com', 99, 'ssl', 'login', $eventDispatcher, $logger);
+        $transport = new EsmtpTransport('example.com', 99, true, 'login', $eventDispatcher, $logger);
         $transport->setUsername(self::USER);
         $transport->setPassword(self::PASSWORD);
 
         yield [
-            new Dsn('smtp', 'example.com', self::USER, self::PASSWORD, 99, ['encryption' => 'ssl', 'auth_mode' => 'login']),
+            new Dsn('smtps', 'example.com', self::USER, self::PASSWORD, 99, ['auth_mode' => 'login']),
+            $transport,
+        ];
+
+        $transport = new EsmtpTransport('example.com', 465, true, null, $eventDispatcher, $logger);
+
+        yield [
+            new Dsn('smtps', 'example.com'),
+            $transport,
+        ];
+
+        $transport = new EsmtpTransport('example.com', 465, true, null, $eventDispatcher, $logger);
+
+        yield [
+            new Dsn('smtp', 'example.com', '', '', 465),
             $transport,
         ];
     }

Tests/Transport/Smtp/EsmtpTransportTest.php

@@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mailer\Tests\Transport\Smtp;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport;
+
+class EsmtpTransportTest extends TestCase
+{
+    public function testName()
+    {
+        $t = new EsmtpTransport();
+        $this->assertEquals('smtp://localhost', $t->getName());
+
+        $t = new EsmtpTransport('example.com');
+        if (\defined('OPENSSL_VERSION_NUMBER')) {
+            $this->assertEquals('smtps://example.com', $t->getName());
+        } else {
+            $this->assertEquals('smtp://example.com', $t->getName());
+        }
+
+        $t = new EsmtpTransport('example.com', 2525);
+        $this->assertEquals('smtp://example.com:2525', $t->getName());
+
+        $t = new EsmtpTransport('example.com', 0, true);
+        $this->assertEquals('smtps://example.com', $t->getName());
+
+        $t = new EsmtpTransport('example.com', 0, false);
+        $this->assertEquals('smtp://example.com', $t->getName());
+
+        $t = new EsmtpTransport('example.com', 466, true);
+        $this->assertEquals('smtps://example.com:466', $t->getName());
+    }
+}

Tests/Transport/Smtp/SmtpTransportTest.php

@@ -20,9 +20,9 @@ class SmtpTransportTest extends TestCase
     public function testName()
     {
         $t = new SmtpTransport();
-        $this->assertEquals('smtp://localhost:25', $t->getName());
+        $this->assertEquals('smtps://localhost', $t->getName());
 
-        $t = new SmtpTransport((new SocketStream())->setHost('127.0.0.1')->setPort(2525));
+        $t = new SmtpTransport((new SocketStream())->setHost('127.0.0.1')->setPort(2525)->disableTls());
         $this->assertEquals('smtp://127.0.0.1:2525', $t->getName());
     }
 }

Tests/Transport/Smtp/Stream/SocketStreamTest.php

@@ -37,7 +37,6 @@ public function testSocketErrorBeforeConnectError()
                 'cafile' => __FILE__,
             ],
         ]);
-        $s->setEncryption('ssl');
         $s->setHost('smtp.gmail.com');
         $s->setPort(465);
         $s->initialize();

Transport/Smtp/EsmtpTransport.php

@@ -31,7 +31,7 @@ class EsmtpTransport extends SmtpTransport
     private $password = '';
     private $authMode;
 
-    public function __construct(string $host = 'localhost', int $port = 25, string $encryption = null, string $authMode = null, EventDispatcherInterface $dispatcher = null, LoggerInterface $logger = null)
+    public function __construct(string $host = 'localhost', int $port = 0, bool $tls = null, string $authMode = null, EventDispatcherInterface $dispatcher = null, LoggerInterface $logger = null)
     {
         parent::__construct(null, $dispatcher, $logger);
 
@@ -44,11 +44,23 @@ public function __construct(string $host = 'localhost', int $port = 25, string $
 
         /** @var SocketStream $stream */
         $stream = $this->getStream();
+
+        if (null === $tls) {
+            if (465 === $port) {
+                $tls = true;
+            } else {
+                $tls = \defined('OPENSSL_VERSION_NUMBER') && 0 === $port && 'localhost' !== $host;
+            }
+        }
+        if (!$tls) {
+            $stream->disableTls();
+        }
+        if (0 === $port) {
+            $port = $tls ? 465 : 25;
+        }
+
         $stream->setHost($host);
         $stream->setPort($port);
-        if (null !== $encryption) {
-            $stream->setEncryption($encryption);
-        }
         if (null !== $authMode) {
             $this->setAuthMode($authMode);
         }
@@ -105,13 +117,15 @@ protected function doHeloCommand(): void
             return;
         }
 
+        $capabilities = $this->getCapabilities($response);
+
         /** @var SocketStream $stream */
         $stream = $this->getStream();
-        if ($stream->isTLS()) {
+        if (!$stream->isTLS() && \defined('OPENSSL_VERSION_NUMBER') && \array_key_exists('STARTTLS', $capabilities)) {
             $this->executeCommand("STARTTLS\r\n", [220]);
 
             if (!$stream->startTLS()) {
-                throw new TransportException('Unable to connect with TLS encryption.');
+                throw new TransportException('Unable to connect with STARTTLS.');
             }
 
             try {
@@ -123,7 +137,6 @@ protected function doHeloCommand(): void
             }
         }
 
-        $capabilities = $this->getCapabilities($response);
         if (\array_key_exists('AUTH', $capabilities)) {
             $this->handleAuth($capabilities['AUTH']);
         }

Transport/Smtp/EsmtpTransportFactory.php

@@ -22,12 +22,12 @@ final class EsmtpTransportFactory extends AbstractTransportFactory
 {
     public function create(Dsn $dsn): TransportInterface
     {
-        $encryption = $dsn->getOption('encryption');
+        $tls = 'smtps' === $dsn->getScheme() ? true : null;
         $authMode = $dsn->getOption('auth_mode');
-        $port = $dsn->getPort(25);
+        $port = $dsn->getPort(0);
         $host = $dsn->getHost();
 
-        $transport = new EsmtpTransport($host, $port, $encryption, $authMode, $this->dispatcher, $this->logger);
+        $transport = new EsmtpTransport($host, $port, $tls, $authMode, $this->dispatcher, $this->logger);
 
         if ($user = $dsn->getUser()) {
             $transport->setUsername($user);
@@ -42,6 +42,6 @@ public function create(Dsn $dsn): TransportInterface
 
     public function supports(Dsn $dsn): bool
     {
-        return 'smtp' === $dsn->getScheme();
+        return 'smtp' === $dsn->getScheme() || 'smtps' === $dsn->getScheme();
     }
 }

Transport/Smtp/SmtpTransport.php

@@ -129,7 +129,13 @@ public function send(RawMessage $message, SmtpEnvelope $envelope = null): ?SentM
     public function getName(): string
     {
         if ($this->stream instanceof SocketStream) {
-            return sprintf('smtp://%s:%d', $this->stream->getHost(), $this->stream->getPort());
+            $name = sprintf('smtp%s://%s', ($tls = $this->stream->isTLS()) ? 's' : '', $this->stream->getHost());
+            $port = $this->stream->getPort();
+            if (!(25 === $port || ($tls && 465 === $port))) {
+                $name .= ':'.$port;
+            }
+
+            return $name;
         }
 
         return sprintf('smtp://sendmail');

Transport/Smtp/Stream/SocketStream.php

@@ -25,10 +25,9 @@ final class SocketStream extends AbstractStream
 {
     private $url;
     private $host = 'localhost';
-    private $protocol = 'tcp';
-    private $port = 25;
+    private $port = 465;
     private $timeout = 15;
-    private $tls = false;
+    private $tls = true;
     private $sourceIp;
     private $streamContextOptions = [];
 
@@ -72,18 +71,11 @@ public function getPort(): int
     }
 
     /**
-     * Sets the encryption type (tls or ssl).
+     * Sets the TLS/SSL on the socket (disables STARTTLS).
      */
-    public function setEncryption(string $encryption): self
-    {
-        $encryption = strtolower($encryption);
-        if ('tls' === $encryption) {
-            $this->protocol = 'tcp';
-            $this->tls = true;
-        } else {
-            $this->protocol = $encryption;
-            $this->tls = false;
-        }
+    public function disableTls(): self
+    {
+        $this->tls = false;
 
         return $this;
     }
@@ -128,8 +120,8 @@ public function getSourceIp(): ?string
     public function initialize(): void
     {
         $this->url = $this->host.':'.$this->port;
-        if ($this->protocol) {
-            $this->url = $this->protocol.'://'.$this->url;
+        if ($this->tls) {
+            $this->url = 'ssl://'.$this->url;
         }
         $options = [];
         if ($this->sourceIp) {
@@ -138,9 +130,8 @@ public function initialize(): void
         if ($this->streamContextOptions) {
             $options = array_merge($options, $this->streamContextOptions);
         }
-        if ($this->isTLS()) {
-            $options['ssl']['crypto_method'] = $options['ssl']['crypto_method'] ?? STREAM_CRYPTO_METHOD_TLS_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
-        }
+        // do it unconditionnally as it will be used by STARTTLS as well if supported
+        $options['ssl']['crypto_method'] = $options['ssl']['crypto_method'] ?? STREAM_CRYPTO_METHOD_TLS_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
         $streamContext = stream_context_create($options);
 
         set_error_handler(function ($type, $msg) {