Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

On 1/8/16, Julien Métairie <ruliane@xxxxxxxxxxx> wrote:
> -------- Original message --------
> Subject: Re:  Squirrelmail does not connect to SSL IMAP server
> after upgrading to PHP 5.6
> From: Dmitry Katsubo <dma_k@xxxxxxx>
> To: Squirrelmail User Support Mailing List
> <squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx>
> Cc: Julien Métairie <ruliane@xxxxxxxxxxx>
> Date: 03/01/2016 22:05
>
>> On 26/12/2015 22:52, Paul Lesniewski wrote:
>>> On 12/14/15, Julien Métairie <ruliane@xxxxxxxxxxx> wrote:
>>>> [...]
>>>> The following is logged on the web server running Squirrelmail:
>>>>
>>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>>> Error message:\nerror:14090086:SSL
>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>>
>>>> And on the IMAP mail server:
>>>>
>>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>>> alert unknown ca
>>>>
>>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>>> tweaking these checks with $imap_stream_options, but I can't manage to
>>>> use it. For testing purposes, I added the following to
>>>> /etc/squirrelmail/config_local.php:
>>>>
>>>> $imap_stream_options = array(
>>>> 	'ssl' => array(
>>>> 		'verify_peer' => false,
>>>> 	),
>>>> );
>>>>
>>>> But there is no change with or without this option. I also tried to turn
>>>> 'allow_self_signed' on, without success.
>>>
>>> You might insert something like this:
>>>
>>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>>
>>> Around line 763 of functions/imap_general.php
>>>
>>> Make sure your settings are being used.
>>>
>>> Otherwise, it sounds a little to me like your PHP installation isn't
>>> functioning properly.  Check here for the available options:
>>>
>>> http://php.net/manual/en/context.ssl.php
>>>
>
> Line 763 is in the middle of function sqimap_get_delimiter() (probably
> because we are running different versions of SM), I see no point
> checking stream options here.

If you are using some version provided by Debian, please direct your
inquiry to them.

> I tracked stream options in sqimap_login(), just before fsockopen(), but
> $stream_options and $imap_stream_options were *not* defined.
>
> Moreover, it appears that no context is passed to fsockopen():
>
> $imap_stream = @fsockopen($imap_server_address, $imap_port,
> $error_number, $error_string, 15);
>
> As far as I understand, stream_socket_client() should be used instead of
> fsockopen() and a context should be passed as 6th argument.

Yes, and if you do not find stream_socket_client() inside a function
called sqimap_create_stream() that is used as an alternative to
fsockopen(), then you are certainly using outdated code that we here
do not support.

> That's why I tried the following:
>
> $imap_stream_options = array(
> 	'tls' => array(
> 		'verify_peer' => false,
> 	),
> 	'ssl' => array(
> 		'verify_peer' => false,
> 	),
> );
> $context = stream_context_create($imap_stream_options);
> $imap_stream = @stream_socket_client($imap_server_address . ":" .
> $imap_port, $error_number, $error_string, 15, STREAM_CLIENT_CONNECT,
> $context) or die ("$php_errormsg");
>
> Here is the result:
>
> stream_socket_client(): unable to connect to tls://192.168.218.12:993
> (Unknown error)

Your code looks reasonable.  If it didn't work, check all inputs to
each function and if it looks proper, it would seem you have some
issue with your PHP installation or the server you are connecting to.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
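
The thread tests with verify_peer switched off. The sketch below keeps verification on and instead passes the CA that signed the IMAP server's certificate through the 'ssl' context, collecting PHP's warnings rather than suppressing them with @. It is an added example, not SquirrelMail code and not code from any poster in this thread; the function name, its arguments and the command-line usage are assumptions.

```php
<?php
// Added example, not SquirrelMail code. Host, port, CA path and expected
// certificate name are supplied by the caller (hypothetical CLI arguments).

// Open a verified TLS connection to an IMAPS port.
// Returns array($stream_or_false, $diagnostics).
function open_verified_imaps($host, $port, $ca_file, $peer_name = null, $timeout = 15)
{
    if (!is_readable($ca_file)) {
        return array(false, array("CA bundle not readable: $ca_file"));
    }
    $ssl = array(
        'verify_peer'       => true,     // the PHP 5.6 default, stated explicitly
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
        'cafile'            => $ca_file, // PEM file with the CA that signed the server cert
        'capture_peer_cert' => true,
    );
    if ($peer_name !== null) {
        $ssl['peer_name'] = $peer_name;  // name expected in the cert when connecting by IP
    }
    $context = stream_context_create(array('ssl' => $ssl));

    // Collect warnings instead of hiding them with @, so the OpenSSL reason survives.
    $diag = array();
    set_error_handler(function ($no, $msg) use (&$diag) { $diag[] = $msg; return true; });
    $stream = stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout,
                                   STREAM_CLIENT_CONNECT, $context);
    restore_error_handler();

    if ($stream === false) {
        $diag[] = "connect failed: errno=$errno errstr=$errstr";
        return array(false, $diag);
    }
    $params = stream_context_get_params($stream);
    $cert = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    $cn = isset($cert['subject']['CN']) ? $cert['subject']['CN'] : '(no CN)';
    $diag[] = "verified peer subject CN: $cn";
    $diag[] = 'greeting: ' . trim(fgets($stream));
    return array($stream, $diag);
}

if (PHP_SAPI === 'cli' && isset($argv[3])) {
    // usage: php check_imaps.php <host> <port> <ca.pem> [expected-cert-name]
    list($s, $diag) = open_verified_imaps($argv[1], (int)$argv[2], $argv[3],
                                          isset($argv[4]) ? $argv[4] : null);
    echo implode("\n", $diag), "\n";
    exit($s === false ? 1 : 0);
}
```

Only the 'ssl' context key is read for both ssl:// and tls:// transports, and when the server is addressed by IP the optional fourth argument sets the name the certificate is checked against.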



