On Sun, Jan 4, 2009 at 7:57 PM, Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> wrote: > On Sun, Jan 4, 2009 at 6:29 AM, Jim Duda <jim@xxxxxxxxxxxx> wrote: >> Paul Lesniewski wrote: >> >>>> I installed the SVN version as you requested. >>>> The banner displays as: >>>> >>>> SquirrelMail version 1.4.17 [SVN] >>> >>> Looks like the script that generates snapshots stalled out in >>> December. Too bad. I'll have to get with the team on that one. So >>> for now, you'd have to resort to an anonymous SVN checkout instead to >>> get our newest code. >>> >>>> So, I know I'm pointing to the proper version. >>> >>> Unfortunately, you aren't. >> >> Okay, I installed from SVN. Now my banner says: >> SquirrelMail version 1.4.18 [SVN] >> >> Same behavior. Everything works fine using port 8024, but not using 443. >> >>> >>> As well as getting the newest SM code, you need to inspect the cookies >>> in your browser. It may be possible that you are experiencing bug >>> #2388423, which is addressed in 1.4.18SVN. >> >> Using firefox, I can see that the cookies for the server are available. >> I don't have the knowledge to determine if they are correct. >> >> I have four cookies "SQMSESSID". >> I have two cookies "squirrelmail_language" >> I have one cookie "key" >> >> If I remove the cookies, then use port 443 again, I only have one >> set (4 totals), all of which are coded with >> "Send For: Encrypted connections only" >> >> Next I downgraded to this version (banner display): >> SquirrelMail version 1.4.16 >> >> Now, both ports 443 and 8024 work properly. >> >> So, there was something different between version 1.4.16 and 1.4.17 which >> caused my specific behaviour change in squirrelmail. >> >> However, it's possible my problem might be caused by the fact I am >> not using port 443 is a standard SSL manner. I don't use SSL at >> all and I've never figured out how to set it up in the proper >> use case. I only use ports 443 since it's accessible both from >> work and through my ISP. And, some change in 1.4.17 was fixing >> some bug which allowed me to use 443 when I shouldn't have been >> able too. I dunno ... you know more about this than I do. >> I'm certainly willing to learn about how to setup SSL if necessary >> to properly use port 443. > > That's a very risky bet. All the software in the equation - from the > browser to the web server to SquirrelMail all typically assume 443 == > SSL. It is possible to use non-SSL connections on port 443, but it's > always going to introduce a higher probability that problems like this > will occur. One thing you can do with 1.4.18 (BTW, the snapshots on > our download page are working again) is to turn off > $only_secure_cookies (config/conf.pl-->4-->16. Only secure cookies if > poss.) because you indicated that you are NOT using SSL but the > SSL-only flag is turned on. Or try to trick SM by setting $sq_https_port to to something other than 443 (some unused port is fine if you don't use SSL) in config/config_local.php ------------------------------------------------------------------------------ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
