Quantcast

Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Julien Métairie
Hi list,



I am trying to upgrade my server running Squirrelmail from Debian Wheezy
to Jessie.

IMAP server is Courier-ssl using a self-signed certificate.

Also note that Squirrelmail connects to 192.168.xx.xx, while the
certificate is (auto-)issued to mail.mydomain.com.



After upgrading, configtest.php complains that it couldn't connect to
IMAP server because of a "Server error: (0)".



The following is logged on the web server running Squirrelmail:


PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
Error message:\nerror:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
/usr/share/squirrelmail/src/configtest.php on line 431.




And on the IMAP mail server:


couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca





As far as I understand, PHP 5.6 enforces certificate checking. SM allows
tweaking this checks with $imap_stream_options, but I can't manage to
use it. For testing purpose, I added the following to
/etc/squirrelmail/config_local.php :


$imap_stream_options = array(

        'ssl' => array(

                'verify_peer' => false,

        ),

);



But there is no change with or without this option. I also tried to turn
'allow_self_signed' on, without success.



Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
software are installed from Debian repository.



I went through this thread [1] but didn't understood any final solution.

What did I miss ?



Regards,

Julien



[1]
http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Paul Lesniewski
On 12/14/15, Julien Métairie <[hidden email]> wrote:

> Hi list,
>
>
>
> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
> to Jessie.
>
> IMAP server is Courier-ssl using a self-signed certificate.
>
> Also note that Squirrelmail connects to 192.168.xx.xx, while the
> certificate is (auto-)issued to mail.mydomain.com.
>
>
>
> After upgrading, configtest.php complains that it couldn't connect to
> IMAP server because of a "Server error: (0)".
>
>
>
> The following is logged on the web server running Squirrelmail:
>
>
> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error message:\nerror:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
> /usr/share/squirrelmail/src/configtest.php on line 431.
>
>
>
>
> And on the IMAP mail server:
>
>
> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
>
>
>
>
>
> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
> tweaking this checks with $imap_stream_options, but I can't manage to
> use it. For testing purpose, I added the following to
> /etc/squirrelmail/config_local.php :
>
>
> $imap_stream_options = array(
>
> 'ssl' => array(
>
> 'verify_peer' => false,
>
> ),
>
> );
>
>
>
> But there is no change with or without this option. I also tried to turn
> 'allow_self_signed' on, without success.

You might insert something like this:

sm_print_r('STREAM OPTIONS:', $stream_options);

Around line 763 of functions/imap_general.php

Make sure your settings are being used.

Otherwise, it sounds a little to me like your PHP installation isn't
functioning properly.  Check here for the available options:

http://php.net/manual/en/context.ssl.php

> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
> software are installed from Debian repository.
>
>
>
> I went through this thread [1] but didn't understood any final solution.
>
> What did I miss ?
>
>
>
> Regards,
>
> Julien
>
>
>
> [1]
> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
>

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Dmitry Katsubo
On 26/12/2015 22:52, Paul Lesniewski wrote:

> On 12/14/15, Julien Métairie <[hidden email]> wrote:
>> Hi list,
>>
>> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
>> to Jessie.
>>
>> IMAP server is Courier-ssl using a self-signed certificate.
>>
>> Also note that Squirrelmail connects to 192.168.xx.xx, while the
>> certificate is (auto-)issued to mail.mydomain.com.
>>
>> After upgrading, configtest.php complains that it couldn't connect to
>> IMAP server because of a "Server error: (0)".
>>
>> The following is logged on the web server running Squirrelmail:
>>
>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>> Error message:\nerror:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>
>> And on the IMAP mail server:
>>
>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>> alert unknown ca
>>
>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>> tweaking this checks with $imap_stream_options, but I can't manage to
>> use it. For testing purpose, I added the following to
>> /etc/squirrelmail/config_local.php :
>>
>> $imap_stream_options = array(
>>
>> 'ssl' => array(
>>
>> 'verify_peer' => false,
>>
>> ),
>>
>> );
>>
>> But there is no change with or without this option. I also tried to turn
>> 'allow_self_signed' on, without success.
>
> You might insert something like this:
>
> sm_print_r('STREAM OPTIONS:', $stream_options);
>
> Around line 763 of functions/imap_general.php
>
> Make sure your settings are being used.
>
> Otherwise, it sounds a little to me like your PHP installation isn't
> functioning properly.  Check here for the available options:
>
> http://php.net/manual/en/context.ssl.php
>
>> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
>> software are installed from Debian repository.
>>
>> I went through this thread [1] but didn't understood any final solution.
>>
>> What did I miss ?
>>
>> Regards,
>>
>> Julien
>>
>> [1]
>> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
I had the same problem and I have created a patch (090_ssl.dpatch) for
squirrelmail v1.5.1. If you don't use self-signed certificate on Cyrus,
then you don't need allow_self_signed=true.

I also attach few other patches (which perhaps are already this way or
another present in upstream):

080_global.php_session.dpatch: Fixes PHP warning about session usage.
081_mail_fetch.functions.php_hex2bin.dpatch: hex2bin() function is
present in PHP
090_ssl.dpatch: Fixes SSL and adds support for self-signed certificates.
091_abook_preg.dpatch: Fixes PHP warning concerning eregi()
099_warnings.dpatch: Fixes other PHP warnings (I am not sure I've done
it right)

--
With best regards,
Dmitry

------------------------------------------------------------------------------

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

090_ssl.dpatch (5K) Download Attachment
091_abook_preg.dpatch (1K) Download Attachment
099_warnings.dpatch (6K) Download Attachment
080_global.php_session.dpatch (1014 bytes) Download Attachment
081_mail_fetch.functions.php_hex2bin.dpatch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Julien Métairie
-------- Message original --------
Sujet : Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server
after upgrading to PHP 5.6
De : Dmitry Katsubo <[hidden email]>
Pour : Squirrelmail User Support Mailing List
<[hidden email]>
Copie à : Julien Métairie <[hidden email]>
Date : 03/01/2016 22:05

> On 26/12/2015 22:52, Paul Lesniewski wrote:
>> On 12/14/15, Julien Métairie <[hidden email]> wrote:
>>> [...]
>>> The following is logged on the web server running Squirrelmail:
>>>
>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>> Error message:\nerror:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>
>>> And on the IMAP mail server:
>>>
>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>> alert unknown ca
>>>
>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>> tweaking this checks with $imap_stream_options, but I can't manage to
>>> use it. For testing purpose, I added the following to
>>> /etc/squirrelmail/config_local.php :
>>>
>>> $imap_stream_options = array(
>>>
>>> 'ssl' => array(
>>>
>>> 'verify_peer' => false,
>>>
>>> ),
>>>
>>> );
>>>
>>> But there is no change with or without this option. I also tried to turn
>>> 'allow_self_signed' on, without success.
>>
>> You might insert something like this:
>>
>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>
>> Around line 763 of functions/imap_general.php
>>
>> Make sure your settings are being used.
>>
>> Otherwise, it sounds a little to me like your PHP installation isn't
>> functioning properly.  Check here for the available options:
>>
>> http://php.net/manual/en/context.ssl.php
>>

Line 763 is in the middle of function sqimap_get_delimiter() (probably
because we are running different versions of SM), I see no point
checking stream options here.

I tracked stream options in sqimap_login(), just before fsockopen(), but
$stream_options and $imap_stream_options were *not* defined.

Moreover, it appears that no context is passed to fsockopen() :

$imap_stream = @fsockopen($imap_server_address, $imap_port,
$error_number, $error_string, 15);



As far as I understand, stream_socket_client() should be used instead of
fsockopen() and a context should be passed as 6th argument. That's why I
tried the following :

$imap_stream_options = array(
        'tls' => array(
                'verify_peer' => false,
        ),
        'ssl' => array(
                'verify_peer' => false,
         ),
);
$context = stream_context_create($imap_stream_options);
$imap_stream = @stream_socket_client($imap_server_address . ":" .
$imap_port, $error_number, $error_string, 15, STREAM_CLIENT_CONNECT,
$context) or die ("$php_errormsg");



Here is the result :

stream_socket_client(): unable to connect to tls://192.168.218.12:993
(Unknown error)

No luck !

>
> I had the same problem and I have created a patch (090_ssl.dpatch) for
> squirrelmail v1.5.1. If you don't use self-signed certificate on Cyrus,
> then you don't need allow_self_signed=true.
>
> I also attach few other patches (which perhaps are already this way or
> another present in upstream):
>
> 080_global.php_session.dpatch: Fixes PHP warning about session usage.
> 081_mail_fetch.functions.php_hex2bin.dpatch: hex2bin() function is
> present in PHP
> 090_ssl.dpatch: Fixes SSL and adds support for self-signed certificates.
> 091_abook_preg.dpatch: Fixes PHP warning concerning eregi()
> 099_warnings.dpatch: Fixes other PHP warnings (I am not sure I've done
> it right)
>

Thank you for this work. Unfortunately, these patchs are designed for SM
1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
I didn't manage to make any suitable patch for SM 1.4.
That said, you may want to push them to SourceForge repos. :)

Regards,
Julien


------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Paul Lesniewski
In reply to this post by Dmitry Katsubo
On 1/3/16, Dmitry Katsubo <[hidden email]> wrote:

> On 26/12/2015 22:52, Paul Lesniewski wrote:
>> On 12/14/15, Julien Métairie <[hidden email]> wrote:
>>> Hi list,
>>>
>>> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
>>> to Jessie.
>>>
>>> IMAP server is Courier-ssl using a self-signed certificate.
>>>
>>> Also note that Squirrelmail connects to 192.168.xx.xx, while the
>>> certificate is (auto-)issued to mail.mydomain.com.
>>>
>>> After upgrading, configtest.php complains that it couldn't connect to
>>> IMAP server because of a "Server error: (0)".
>>>
>>> The following is logged on the web server running Squirrelmail:
>>>
>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>> Error message:\nerror:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>
>>> And on the IMAP mail server:
>>>
>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>> alert unknown ca
>>>
>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>> tweaking this checks with $imap_stream_options, but I can't manage to
>>> use it. For testing purpose, I added the following to
>>> /etc/squirrelmail/config_local.php :
>>>
>>> $imap_stream_options = array(
>>>
>>> 'ssl' => array(
>>>
>>> 'verify_peer' => false,
>>>
>>> ),
>>>
>>> );
>>>
>>> But there is no change with or without this option. I also tried to turn
>>> 'allow_self_signed' on, without success.
>>
>> You might insert something like this:
>>
>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>
>> Around line 763 of functions/imap_general.php
>>
>> Make sure your settings are being used.
>>
>> Otherwise, it sounds a little to me like your PHP installation isn't
>> functioning properly.  Check here for the available options:
>>
>> http://php.net/manual/en/context.ssl.php
>>
>>> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
>>> software are installed from Debian repository.
>>>
>>> I went through this thread [1] but didn't understood any final solution.
>>>
>>> What did I miss ?
>>>
>>> Regards,
>>>
>>> Julien
>>>
>>> [1]
>>> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
>
> I had the same problem and I have created a patch (090_ssl.dpatch) for
> squirrelmail v1.5.1. If you don't use self-signed certificate on Cyrus,
> then you don't need allow_self_signed=true.
>
> I also attach few other patches (which perhaps are already this way or
> another present in upstream):

Dmitry, thanks for submitting your patches, but version 1.5.1 is very
outdated and all these issues are fixed in 1.5.2, which I strongly
recommend if you want to run the development stream.

> 080_global.php_session.dpatch: Fixes PHP warning about session usage.
> 081_mail_fetch.functions.php_hex2bin.dpatch: hex2bin() function is
> present in PHP
> 090_ssl.dpatch: Fixes SSL and adds support for self-signed certificates.
> 091_abook_preg.dpatch: Fixes PHP warning concerning eregi()
> 099_warnings.dpatch: Fixes other PHP warnings (I am not sure I've done
> it right)

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Paul Lesniewski
In reply to this post by Julien Métairie
On 1/8/16, Julien Métairie <[hidden email]> wrote:

> -------- Message original --------
> Sujet : Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server
> after upgrading to PHP 5.6
> De : Dmitry Katsubo <[hidden email]>
> Pour : Squirrelmail User Support Mailing List
> <[hidden email]>
> Copie à : Julien Métairie <[hidden email]>
> Date : 03/01/2016 22:05
>
>> On 26/12/2015 22:52, Paul Lesniewski wrote:
>>> On 12/14/15, Julien Métairie <[hidden email]> wrote:
>>>> [...]
>>>> The following is logged on the web server running Squirrelmail:
>>>>
>>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>>> Error message:\nerror:14090086:SSL
>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>>
>>>> And on the IMAP mail server:
>>>>
>>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>>> alert unknown ca
>>>>
>>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>>> tweaking this checks with $imap_stream_options, but I can't manage to
>>>> use it. For testing purpose, I added the following to
>>>> /etc/squirrelmail/config_local.php :
>>>>
>>>> $imap_stream_options = array(
>>>>
>>>> 'ssl' => array(
>>>>
>>>> 'verify_peer' => false,
>>>>
>>>> ),
>>>>
>>>> );
>>>>
>>>> But there is no change with or without this option. I also tried to turn
>>>> 'allow_self_signed' on, without success.
>>>
>>> You might insert something like this:
>>>
>>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>>
>>> Around line 763 of functions/imap_general.php
>>>
>>> Make sure your settings are being used.
>>>
>>> Otherwise, it sounds a little to me like your PHP installation isn't
>>> functioning properly.  Check here for the available options:
>>>
>>> http://php.net/manual/en/context.ssl.php
>>>
>
> Line 763 is in the middle of function sqimap_get_delimiter() (probably
> because we are running different versions of SM), I see no point
> checking stream options here.

If you are using some version provided by Debian, please direct your
inquiry to them.

> I tracked stream options in sqimap_login(), just before fsockopen(), but
> $stream_options and $imap_stream_options were *not* defined.
>
> Moreover, it appears that no context is passed to fsockopen() :
>
> $imap_stream = @fsockopen($imap_server_address, $imap_port,
> $error_number, $error_string, 15);
>
>
>
> As far as I understand, stream_socket_client() should be used instead of
> fsockopen() and a context should be passed as 6th argument.

Yes, and if you do not find stream_socket_client() inside a function
called sqimap_create_stream() that is used as an alternative to
fsockopen(), then you are certainly using outdated code that we here
do not support.

> That's why I tried the following :
>
> $imap_stream_options = array(
> 'tls' => array(
> 'verify_peer' => false,
> ),
> 'ssl' => array(
> 'verify_peer' => false,
>          ),
> );
> $context = stream_context_create($imap_stream_options);
> $imap_stream = @stream_socket_client($imap_server_address . ":" .
> $imap_port, $error_number, $error_string, 15, STREAM_CLIENT_CONNECT,
> $context) or die ("$php_errormsg");
>
>
>
> Here is the result :
>
> stream_socket_client(): unable to connect to tls://192.168.218.12:993
> (Unknown error)

Your code looks reasonable.  If it didn't work, check all inputs to
each function and if it looks proper, it would seem you have some
issue with your PHP installation or the server you are connecting to.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Dmitry Katsubo
In reply to this post by Julien Métairie
On 08/01/2016 18:32, Julien Métairie wrote:

> As far as I understand, stream_socket_client() should be used instead of
> fsockopen() and a context should be passed as 6th argument. That's why I
> tried the following :
>
> $imap_stream_options = array(
>     'tls' => array(
>         'verify_peer' => false,
>     ),
>     'ssl' => array(
>         'verify_peer' => false,
>         ),
> );
> $context = stream_context_create($imap_stream_options);
> $imap_stream = @stream_socket_client($imap_server_address ...);

I haven't checked the complete sources (and I am neither king on PHP),
but as far as I see from my patch, the options should be set on the
stream. You basically need to apply the function which I define in my
patch on the stream (hence you don't need $imap_stream_options):

$imap_stream = @stream_socket_client($imap_server_address ...);
sqenable_ssl($imap_stream);

> Thank you for this work. Unfortunately, these patchs are designed for SM
> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
> I didn't manage to make any suitable patch for SM 1.4.
> That said, you may want to push them to SourceForge repos. :)

That was one of the reasons why I stopped using SquirrelMail: v1.5.x was
in Debian experimental repo, but not developing. Maybe SSL was
backported to 1.4.x since then, but at that moment it was the only
version that supported SSL for IMAP.

--
With best regards,
Dmitry

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Paul Lesniewski
On 1/9/16, Dmitry Katsubo <[hidden email]> wrote:

> On 08/01/2016 18:32, Julien Métairie wrote:
>> As far as I understand, stream_socket_client() should be used instead of
>> fsockopen() and a context should be passed as 6th argument. That's why I
>> tried the following :
>>
>> $imap_stream_options = array(
>>     'tls' => array(
>>         'verify_peer' => false,
>>     ),
>>     'ssl' => array(
>>         'verify_peer' => false,
>>         ),
>> );
>> $context = stream_context_create($imap_stream_options);
>> $imap_stream = @stream_socket_client($imap_server_address ...);
>
> I haven't checked the complete sources (and I am neither king on PHP),
> but as far as I see from my patch, the options should be set on the
> stream. You basically need to apply the function which I define in my
> patch on the stream (hence you don't need $imap_stream_options):

No patch is needed unless one is running outdated code.

> $imap_stream = @stream_socket_client($imap_server_address ...);
> sqenable_ssl($imap_stream);
>
>> Thank you for this work. Unfortunately, these patchs are designed for SM
>> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
>> I didn't manage to make any suitable patch for SM 1.4.
>> That said, you may want to push them to SourceForge repos. :)
>
> That was one of the reasons why I stopped using SquirrelMail: v1.5.x was
> in Debian experimental repo, but not developing. Maybe SSL was
> backported to 1.4.x since then, but at that moment it was the only
> version that supported SSL for IMAP.

Yes, 1.4.x has SSL support, but your use of 1.5.1 is highly
discouraged.  Please upgrade to 1.5.2 if you want to use 1.5.x.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Dmitry Katsubo
On 09/01/2016 22:54, Paul Lesniewski wrote:

>> I haven't checked the complete sources (and I am neither king on PHP),
>> but as far as I see from my patch, the options should be set on the
>> stream. You basically need to apply the function which I define in my
>> patch on the stream (hence you don't need $imap_stream_options):
>
> No patch is needed unless one is running outdated code.
>
>> $imap_stream = @stream_socket_client($imap_server_address ...);
>> sqenable_ssl($imap_stream);
>>
>>> Thank you for this work. Unfortunately, these patchs are designed for SM
>>> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
>>> I didn't manage to make any suitable patch for SM 1.4.
>>> That said, you may want to push them to SourceForge repos. :)
>>
>> That was one of the reasons why I stopped using SquirrelMail: v1.5.x was
>> in Debian experimental repo, but not developing. Maybe SSL was
>> backported to 1.4.x since then, but at that moment it was the only
>> version that supported SSL for IMAP.
>
> Yes, 1.4.x has SSL support, but your use of 1.5.1 is highly
> discouraged.  Please upgrade to 1.5.2 if you want to use 1.5.x.

Thanks for the information. Was v1.5.2 ever released? Maybe that is
preventing the package to appear in Debian repo.

--
With best regards,
Dmitry

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Julien Métairie
Le 10/01/2016 22:11, Dmitry Katsubo a écrit :

> On 09/01/2016 22:54, Paul Lesniewski wrote:
>>> I haven't checked the complete sources (and I am neither king on PHP),
>>> but as far as I see from my patch, the options should be set on the
>>> stream. You basically need to apply the function which I define in my
>>> patch on the stream (hence you don't need $imap_stream_options):
>>
>> No patch is needed unless one is running outdated code.
>>
>>> $imap_stream = @stream_socket_client($imap_server_address ...);
>>> sqenable_ssl($imap_stream);
>>>
>>>> Thank you for this work. Unfortunately, these patchs are designed for SM
>>>> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
>>>> I didn't manage to make any suitable patch for SM 1.4.
>>>> That said, you may want to push them to SourceForge repos. :)
>>>
>>> That was one of the reasons why I stopped using SquirrelMail: v1.5.x was
>>> in Debian experimental repo, but not developing. Maybe SSL was
>>> backported to 1.4.x since then, but at that moment it was the only
>>> version that supported SSL for IMAP.
>>
>> Yes, 1.4.x has SSL support, but your use of 1.5.1 is highly
>> discouraged.  Please upgrade to 1.5.2 if you want to use 1.5.x.
>
> Thanks for the information. Was v1.5.2 ever released? Maybe that is
> preventing the package to appear in Debian repo.
>

According to SM website, 1.5.2 is the development version. Stable
version is stuck at 1.4.22.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6

Julien Métairie
In reply to this post by Paul Lesniewski
Le 09/01/2016 20:31, Paul Lesniewski a écrit :

> On 1/8/16, Julien Métairie <[hidden email]> wrote:
>
> If you are using some version provided by Debian, please direct your
> inquiry to them.
>
> [...]
>
> Yes, and if you do not find stream_socket_client() inside a function
> called sqimap_create_stream() that is used as an alternative to
> fsockopen(), then you are certainly using outdated code that we here
> do not support.
>

No matter if my version is provided by Debian, as the stable version
available at SM website is still 1.4.22, which does not support TLS context.
Anyway, it's a pain that Debian repo version (1.4.23~svn20120406) is too
old.

I think I will use 1.4.23-svn until a newer version is included in
Debian (or backported).

Regards,
Julien

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Loading...