Published 7 months ago by jonjie
Hi. I have research about it when sending an email to gmail. This solves the problem that when you send an email without this code, it is not sending the email or sometimes the email will go to the spam folder, but when you include it, the email is sending perfectly. Is this code safe? Do this code has advantage and disadvantage? Do this code affects the application?
'stream' => [ 'ssl' => [ 'allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false, ], ]
What snapey is saying is that you're changing the way you allow for SSL (https) connections.
For a small analogy we go to the real world.
If you know you need to communicate with me, you can find me up in a phone book, contact me, and to make sure I am really me, I can show you my ID / passport. Which is handed to me by a government (we can sort of trust them right)
This is the same with internet connections:
Normally, when you connect to smtp.google.com, you ask for a DNS server for the location of smtp.google.com. You get the IP, and contact is. When you do this without SSL, you might get the wrong server (someone is faking to be google) but over SSL, you get a certificate from the server which identifies it as being smtp.google.com (sorta like it's passport).
These certificates would be given out by an certificate authority so you can know that you can trust the certificate (otherwise it's just a piece of paper saying I am who I say I am, why would you trust that)
What you are doing with changing these settings is:
All by all, you just removed the complete certification part that makes SSL (and thus HTTPS) safe.
Basicaly you go on to the street, and give your info to the first person that says he's who you are looking for.