Do we actually want to allow that ? Disabling peer verification means that your TLS connection is insecure (anyone can do a MitM attack without any issue).

What is the use case to add such feature ?

In case of internal enterprise SMTP with self signed certificate, it's currently impossible to send mail without this. I'm aware that's an insecure way to do things, but there is no way to force no use of TLS connection to work around this issue. I think it's a good compromise in term of security between no encryption at all and fully authenticated TLS connection.

internal enterprise SMTP with self signed certificate

The way to go here would be to trust your internal CA that signed your certificate. TLS without certificate verification is a big red flag.

The way to go here would be to trust your internal CA that signed your certificate. TLS without certificate verification is a big red flag.

The issue here is I cannot trust any CA because it's a self signed certificate. By design there is no CA on a self signed certificate. I do know it's a bad way to do things, but I have no control over the SMTP server which use this certificate.
Currently I'm using Switfmailer without any encryption at all because I can't use this lib. There is no way to not use TLS with this lib, if the server respond with STARTTLS capability, so I've made this PR in order to use this mailer in such case. But I can add a flag to prevent TLS even if the server said it support TLS after the EHLO request.

i have the same problem !

(please add a line in the changelog of the component)

Thank you @Livda.

#mailer.yaml

parameters:
env(verify): 'false'

framework:
mailer:
dsn: '%env(MAILER_DSN)%?verify_peer=%env(bool:verify)%'

Is there a chance to make this functionality available in Symfony 4.4 as well?

@pschirch i need it too !

Regarding the post from @hectorprats , is this the recommended way? No way to set it only with the MAILER_DSN? I tried it with MAILER_DSN="my-host?verify_peer=false", but this results in a string "false" for verify_peer.
Edit: Ok, works with MAILER_DSN="my-host?verify_peer=0"

It works, but 0 !== boolean.

it's better to keep the semantic.

Thanks @Livda !
But i want to use it with LTS v4.4, because i have an SSL error :(.
I need to create issue on v4.4 ?
@xfifix @pschirch

@hectorprats Sorry, but this is unnecessary. Your version also ends in verify_peer= and verify_peer=1. And for the semantics, you also have a string "true", and not a boolean.
So in my examples MAILER_DSN="my-host?verify_peer=" will result in disabled peer verification. And you don't have to modify the supplied mailer.yaml.

null is not the same as false.

And.. read better my version. You can see the transformation.

It results in the same string inside MAILER_DSN, without the need for modifying a framework-config-file. Both versions work - everyone can choose his version ;-)

@pschirch @roublarstar I described on SO on how to get this working in 4.4 by overriding EsmtpTransportFactory:
https://stackoverflow.com/a/61662214/541949

Still it would be great if this can be ported to 4.4 :)

It seems that this patch is not on the 4.4 branch ... Could you put in version 4.4x?

For all those who are on 4.4 and verify_peer options is not implemented. You can specify the port in the DSN and achieve the same thing. Example:

MAILER_DSN=smtp://127.0.0.1:25