Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 1/3/16, Dmitry Katsubo <dma_k@xxxxxxx> wrote:
> On 26/12/2015 22:52, Paul Lesniewski wrote:
>> On 12/14/15, Julien Métairie <ruliane@xxxxxxxxxxx> wrote:
>>> Hi list,
>>> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
>>> to Jessie.
>>> IMAP server is Courier-ssl using a self-signed certificate.
>>> Also note that Squirrelmail connects to 192.168.xx.xx, while the
>>> certificate is (auto-)issued to
>>> After upgrading, configtest.php complains that it couldn't connect to
>>> IMAP server because of a "Server error: (0)".
>>> The following is logged on the web server running Squirrelmail:
>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>> Error message:\nerror:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>> And on the IMAP mail server:
>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>> alert unknown ca
>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>> tweaking this checks with $imap_stream_options, but I can't manage to
>>> use it. For testing purpose, I added the following to
>>> /etc/squirrelmail/config_local.php :
>>> $imap_stream_options = array(
>>> 	'ssl' => array(
>>> 		'verify_peer' => false,
>>> 	),
>>> );
>>> But there is no change with or without this option. I also tried to turn
>>> 'allow_self_signed' on, without success.
>> You might insert something like this:
>> sm_print_r('STREAM OPTIONS:', $stream_options);
>> Around line 763 of functions/imap_general.php
>> Make sure your settings are being used.
>> Otherwise, it sounds a little to me like your PHP installation isn't
>> functioning properly.  Check here for the available options:
>>> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
>>> software are installed from Debian repository.
>>> I went through this thread [1] but didn't understood any final solution.
>>> What did I miss ?
>>> Regards,
>>> Julien
>>> [1]
> I had the same problem and I have created a patch (090_ssl.dpatch) for
> squirrelmail v1.5.1. If you don't use self-signed certificate on Cyrus,
> then you don't need allow_self_signed=true.
> I also attach few other patches (which perhaps are already this way or
> another present in upstream):

Dmitry, thanks for submitting your patches, but version 1.5.1 is very
outdated and all these issues are fixed in 1.5.2, which I strongly
recommend if you want to run the development stream.

> 080_global.php_session.dpatch: Fixes PHP warning about session usage.
> 081_mail_fetch.functions.php_hex2bin.dpatch: hex2bin() function is
> present in PHP
> 090_ssl.dpatch: Fixes SSL and adds support for self-signed certificates.
> 091_abook_preg.dpatch: Fixes PHP warning concerning eregi()
> 099_warnings.dpatch: Fixes other PHP warnings (I am not sure I've done
> it right)

Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
squirrelmail-users mailing list
Posting guidelines:
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives:
List info (subscribe/unsubscribe/change options):

[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux