Re: [SOLVED sort of] was Re: svn 14501 - TLS

"David C. Rankin wrote:"
> 
> On 06/14/2015 11:53 PM, David C. Rankin wrote:
> >     Paul, after you look into this, if this was the sole cause, you may want to
> > drop a Install/Upgrade note regarding php 5.6 and the change required in server
> > settings.
> >
> > (even better, it may be worth adding a check in the squirrelmail code that if
> > server setting is listed as 'localhost', make a php call to obtain the server
> > hostname/domain to compare against the Peer reported name before a CN mismatch
> > is declared -- or something similar -- may fix it)
> 
> 
>    If you do look at this, it looks like a possible fix for php 5.6+ needs to be 
> prior to line 725 in functions/imap_general.php:
> 
> in function sqimap_create_stream:
> 
>    $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
> 
> 
>    The problem in my case appears to be that if 'localhost' is specified as the 
> imap server in config.php (as it has been for the past 5-10 years), passing 
> 'localhost' as $server to fsockopen now causes the IMAP stream open failure 
> (presumably due to the new default of verify_peer=true). It seems like a 
> functional check of something like the following could help:
> 
> if $server equals 'localhost' {
>    $servername equals hostname.dnsdomainname (or however you get this in php)
>    $imap_stream = @fsockopen($servername, $port, $error_number, $error_string, 15);
> } else {
>    $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
> }
> 
>    It is trickier if the CN wasn't generated with the suggested '*.domain.tld' 
> format, but rather 'host.domain.tld'. In that case there would be no way of knowing 
> if the 'host' part of 'host.domain.tld' returned by the 'hostname' equivalent 
> would match the name used as the CN in certificate generation.
> 
>    However, just adding the 'localhost' check and 'host.domain.tld' substitution 
> would work for every case where CN is specified in the recommended 
> '*.domain.tld' format. (I haven't looked at the code to see why smtp is not 
> affected, but it is fine)
> 
>    Another option (less desirable, but effective) would be to add a check to 
> config/conf.pl to check if ssl/tls, or port 993, etc... had been specified along 
> with 'localhost' as the hostname. In that case conf.pl could warn that the IMAP 
> hostname must match the mail certificate CN for authentication to succeed with 
> php 5.6+.

I'm not sure this is the whole story on why squirrelmail is not
working. We have been trying since February and Fedora 21 to get it
working again. Using squirrelmail-1.4.22-15.fc21.noarch.

We have the following configuration:
Outside web server -> dovecot -> mail server using port 993

We have verified all the certificates and if we use thunderbird all
works fine. Yet squirrelmail configtest fails with:
[root@spruce ~]# firefox /usr/share/squirrelmail/src/configtest.php &
[1] 6998
[root@spruce ~]# 
(firefox:6998): GLib-GObject-WARNING **: The property
GtkSettings:gtk-menu-images is deprecated and shouldn't be used anymore.
It will be removed in a future version.

(firefox:6998): GLib-GObject-WARNING **: The property
GtkSettings:gtk-button-images is deprecated and shouldn't be used
anymore. It will be removed in a future version.
PHP Warning:  date(): It is not safe to rely on the system's timezone
settings. You are *required* to use the date.timezone setting or the
date_default_timezone_set() function. In case you used any of those
methods and you are still getting this warning, you most likely
misspelled the timezone identifier. We selected the timezone 'UTC' for
now, but please set date.timezone to select your timezone. in
/usr/share/squirrelmail/src/configtest.php on line 80
PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL
Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed in /usr/share/squirrelmail/src/configtest.php on line 431
PHP Warning:  fsockopen(): Failed to enable crypto in
/usr/share/squirrelmail/src/configtest.php on line 431
PHP Warning:  fsockopen(): unable to connect to
tls://douglas.highley-recommended.com:993 (Unknown error) in
/usr/share/squirrelmail/src/configtest.php on line 431

> 
>    Keep fighting the good fight!
> 
> -- 
> David C. Rankin, J.D.,P.E.
> 
> ------------------------------------------------------------------------------
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
> 


-- 

Regards,

David Highley
Highley Recommended, Inc.       Phone: (206) 669-0081
2927 SW 339th Street            WEB: http://www.highley-recommended.com
Federal Way, WA 98023-7732
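
The name mismatch discussed in this thread, as an added example that is not part of either message and is not SquirrelMail code: a simplified wildcard name check run over constructed names, and a connection helper that keeps verify_peer on while checking the certificate against a configured name through PHP's peer_name SSL context option, instead of substituting the host name. The function names and the '*.domain.tld' sample values are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not SquirrelMail's.

// Simplified certificate name check: an exact match, or a '*.' wildcard
// that stands for exactly one left-most label.
function cert_name_matches($certName, $host)
{
    $certName = strtolower($certName);
    $host     = strtolower($host);
    if ($certName === $host) {
        return true;
    }
    if (strncmp($certName, '*.', 2) !== 0) {
        return false;
    }
    $dot = strpos($host, '.');
    // The wildcard needs a label to replace, so a bare 'localhost'
    // can never match '*.domain.tld'.
    return $dot !== false && $dot > 0
        && substr($host, $dot) === substr($certName, 1);
}

// Connect to $server (for example 'localhost') but verify the certificate
// against $peerName. Verification stays enabled; only the expected name changes.
function open_imap_tls($server, $port, $peerName, $timeout = 15)
{
    $context = stream_context_create(array('ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $peerName,
    )));
    return @stream_socket_client("tls://$server:$port", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
}

// Constructed sample names, checked against a wildcard certificate name.
$certName = '*.domain.tld';
foreach (array('localhost', 'host.domain.tld', 'a.b.domain.tld') as $host) {
    printf("%-16s %s\n", $host,
        cert_name_matches($certName, $host) ? 'match' : 'mismatch');
}
```

A name mismatch is only one cause of a failed handshake: a certificate whose issuer is not trusted fails verification whatever name is used, in which case the cafile context option pointing at the issuing CA is the setting to check.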
