On 06/14/2015 07:05 PM, David C. Rankin wrote:
> Checking outgoing mail service....
> SMTP server OK (220 phoinix.rlfpllc.com ESMTP Postfix)
>
> I think you have nailed the issue as a 'ca' problem which makes sense with
> the error: 'tlsv1 alert unknown ca: SSL alert number 48'. Let me know when you
> have a chance to look into this. I'm happy to do the digging.
I think I have made progress. It looks like the problem is with the way
squirrelmail handles the certificate check. I made several changes and how
configtest.php gives the following error:
Warning: fsockopen(): Peer certificate CN=`*.rlfpllc.com' did not match
expected
CN=`localhost' in /srv/http/htdocs/squirrelmail_501/src/configtest.php on line
740 Warning: fsockopen(): Failed to enable crypto in
/srv/http/htdocs/squirrelmail_501/src/configtest.php on line 740 Warning:
fsockopen(): unable to connect to tls://localhost:993 (Unknown error) in
/srv/http/htdocs/squirrelmail_501/src/configtest.php on line 740
Seeing the CN mismatch, I set config_local.php with 'verify_peer' => false:
$imap_stream_options = array(
'ssl' => array(
'cafile' => '/etc/ca-certificates/extracted/tls-ca-bundle.pem',
'verify_peer' => false,
'verify_depth' => 3,
),
);
However, that made no difference. (*Note:* with php 5.6+ the default for
verify_peer is now 'true' -- I don't know if that prevents override in
config_local.php) Let me know when you have some time and I'm glad to help.
--
David C. Rankin, J.D.,P.E.
------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
