On 12/14/15, Julien Métairie <ruliane@xxxxxxxxxxx> wrote:
> Hi list,
>
>
>
> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
> to Jessie.
>
> IMAP server is Courier-ssl using a self-signed certificate.
>
> Also note that Squirrelmail connects to 192.168.xx.xx, while the
> certificate is (auto-)issued to mail.mydomain.com.
>
>
>
> After upgrading, configtest.php complains that it couldn't connect to
> IMAP server because of a "Server error: (0)".
>
>
>
> The following is logged on the web server running Squirrelmail:
>
>
> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error message:\nerror:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
> /usr/share/squirrelmail/src/configtest.php on line 431.
>
>
>
>
> And on the IMAP mail server:
>
>
> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
>
>
>
>
>
> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
> tweaking this checks with $imap_stream_options, but I can't manage to
> use it. For testing purpose, I added the following to
> /etc/squirrelmail/config_local.php :
>
>
> $imap_stream_options = array(
>
> 'ssl' => array(
>
> 'verify_peer' => false,
>
> ),
>
> );
>
>
>
> But there is no change with or without this option. I also tried to turn
> 'allow_self_signed' on, without success.
You might insert something like this:
sm_print_r('STREAM OPTIONS:', $stream_options);
Around line 763 of functions/imap_general.php
Make sure your settings are being used.
Otherwise, it sounds a little to me like your PHP installation isn't
functioning properly. Check here for the available options:
http://php.net/manual/en/context.ssl.php
> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
> software are installed from Debian repository.
>
>
>
> I went through this thread [1] but didn't understood any final solution.
>
> What did I miss ?
>
>
>
> Regards,
>
> Julien
>
>
>
> [1]
> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
>
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
