'Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-users
Subject:    Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6
From:       Paul Lesniewski <paul () squirrelmail ! org>
Date:       2015-12-26 21:52:44
Message-ID: CAHog114qPmPWgXHsyiTcbmA92PjqS7ng1Va0FQ9FZOGmTm+1hA () mail ! gmail ! com
[Download RAW message or body]

On 12/14/15, Julien Métairie <ruliane@ruliane.net> wrote:
> Hi list,
> 
> 
> 
> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
> to Jessie.
> 
> IMAP server is Courier-ssl using a self-signed certificate.
> 
> Also note that Squirrelmail connects to 192.168.xx.xx, while the
> certificate is (auto-)issued to mail.mydomain.com.
> 
> 
> 
> After upgrading, configtest.php complains that it couldn't connect to
> IMAP server because of a "Server error: (0)".
> 
> 
> 
> The following is logged on the web server running Squirrelmail:
> 
> 
> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error message:\nerror:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
> /usr/share/squirrelmail/src/configtest.php on line 431.
> 
> 
> 
> 
> And on the IMAP mail server:
> 
> 
> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> 
> 
> 
> 
> 
> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
> tweaking this checks with $imap_stream_options, but I can't manage to
> use it. For testing purpose, I added the following to
> /etc/squirrelmail/config_local.php :
> 
> 
> $imap_stream_options = array(
> 
> 	'ssl' => array(
> 
> 		'verify_peer' => false,
> 
> 	),
> 
> );
> 
> 
> 
> But there is no change with or without this option. I also tried to turn
> 'allow_self_signed' on, without success.

You might insert something like this:

sm_print_r('STREAM OPTIONS:', $stream_options);

Around line 763 of functions/imap_general.php

Make sure your settings are being used.

Otherwise, it sounds a little to me like your PHP installation isn't
functioning properly.  Check here for the available options:

http://php.net/manual/en/context.ssl.php

> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
> software are installed from Debian repository.
> 
> 
> 
> I went through this thread [1] but didn't understood any final solution.
> 
> What did I miss ?
> 
> 
> 
> Regards,
> 
> Julien
> 
> 
> 
> [1]
> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
>  

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic