Hi list,
I am trying to upgrade my server running Squirrelmail from Debian Wheezy
to Jessie.
IMAP server is Courier-ssl using a self-signed certificate.
Also note that Squirrelmail connects to 192.168.xx.xx, while the
certificate is (auto-)issued to mail.mydomain.com.
After upgrading, configtest.php complains that it couldn't connect to
IMAP server because of a "Server error: (0)".
The following is logged on the web server running Squirrelmail:
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
Error message:\nerror:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
/usr/share/squirrelmail/src/configtest.php on line 431.
And on the IMAP mail server:
couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
As far as I understand, PHP 5.6 enforces certificate checking. SM allows
tweaking this checks with $imap_stream_options, but I can't manage to
use it. For testing purpose, I added the following to
/etc/squirrelmail/config_local.php :
$imap_stream_options = array(
'ssl' => array(
'verify_peer' => false,
),
);
But there is no change with or without this option. I also tried to turn
'allow_self_signed' on, without success.
Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
software are installed from Debian repository.
I went through this thread [1] but didn't understood any final solution.
What did I miss ?
Regards,
Julien
[1]
http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
