From ee4c1efeb4497e48435d805889a8b22067e93a69 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 28 Jun 2026 15:42:55 +0200
Subject: [PATCH 1/2] fix bitwise | to logical || in TLS-mode check

The protocol check in send() used a bitwise | between the last two
comparisons instead of ||. It happened to produce the correct result,
but was a typo. Use || for clarity and to avoid surprising edge cases.
---
 src/Mailer/SMTP.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Mailer/SMTP.php b/src/Mailer/SMTP.php
index 50bc3c1..7ed9c66 100644
--- a/src/Mailer/SMTP.php
+++ b/src/Mailer/SMTP.php
@@ -176,7 +176,7 @@ public function send(Message $message)
         $this->connect()
             ->ehlo();
 
-        if ($this->secure === 'tls' || $this->secure === 'tlsv1.0' || $this->secure === 'tlsv1.1' | $this->secure === 'tlsv1.2') {
+        if ($this->secure === 'tls' || $this->secure === 'tlsv1.0' || $this->secure === 'tlsv1.1' || $this->secure === 'tlsv1.2') {
             $this->starttls()
                 ->ehlo();
         }

From 33da0aace0f0c9a5f7ec0287407da0cf272a8ddb Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 28 Jun 2026 15:43:03 +0200
Subject: [PATCH 2/2] improve diagnostics on connect and TLS failures

- connect(): include the OS error code/message from stream_socket_client()
  so failures report 'Connection refused', 'Connection timed out', etc.
  instead of the uninformative 'Could not open SMTP Port'.
- starttls(): suppress the misleading PHP warning from
  stream_socket_enable_crypto() (often 'SSL: Success') and append the real
  OpenSSL reason from error_get_last() to the CryptoException.
---
 src/Mailer/SMTP.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Mailer/SMTP.php b/src/Mailer/SMTP.php
index 7ed9c66..a175f4a 100644
--- a/src/Mailer/SMTP.php
+++ b/src/Mailer/SMTP.php
@@ -224,7 +224,10 @@ protected function connect()
             $context
         );
         if (!$this->smtp){
-            throw new SMTPException("Could not open SMTP Port to $host:{$this->port}");
+            throw new SMTPException(
+                "Could not open SMTP Port to $host:{$this->port}" .
+                ($error_message ? " ($error_code: $error_message)" : '')
+            );
         }
         $code = $this->getCode();
         if ($code !== '220'){
@@ -259,8 +262,12 @@ protected function starttls()
             stream_context_set_option($this->smtp, 'ssl', 'allow_self_signed', true);
         }
 
-        if(!\stream_socket_enable_crypto($this->smtp, true, STREAM_CRYPTO_METHOD_ANY_CLIENT)) {
-            throw new CryptoException("Start TLS failed to enable crypto");
+        if(!@\stream_socket_enable_crypto($this->smtp, true, STREAM_CRYPTO_METHOD_ANY_CLIENT)) {
+            $err = error_get_last();
+            throw new CryptoException(
+                "Start TLS failed to enable crypto" .
+                (isset($err['message']) ? ": {$err['message']}" : '')
+            );
         }
         return $this;
     }