Hi gents,
I've just upgraded my server to PHP 5.6 and ran straight into the invalid cert issue. It seems that by default, PHP will now check if the certificate is actually valid! That's quite a nice feature but a slight pain when you are mostly dealing with self-signed certificates. Now, I did go ahead and upgrade to an actual valid certificate!
Unfortunately, it seems that when you are using :
$config['default_host'] = 'ssl://localhost'; or $config['smtp_server'] = 'localhost';
The connection will fail because the hostname you provide isn't actually the one registered to the certificate? Now, I did have a workaround by replace 'localhost' by my external FQDN but that's very elegant or efficient. I'd rather see the connection stay internal if I can.
This link https://bbs.archlinux.org/viewtopic.php?id=187063 does seem to provide some solutions and I've tried using :
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verfify_peer_name' => false, ), );
and
$config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), );
With no results so far. Is there something incredibly obvious that I'm missing?
Here is the error log : IMAP Error: Login failed for x@x from x. Could not connect to ssl://localhost:993: Unknown reason in x/rcube_imap.php on line 184 (POST /?_task=login?_task=login&_action=login)
I appreciate any help on the matter! Thank you
NB: I am *NOT* an SSL guru. But, since SSL is, as I understand it, simply concerned about whether or not the host offers the right certificate for its FQDN, I see no reason why you couldn't have your FQDN in your /etc/hosts file, and have that resolve to 127.0.0.1.
-Ken
On 2014-10-27 20:13, admin wrote:
Hi gents,
I've just upgraded my server to PHP 5.6 and ran straight into the invalid cert issue. It seems that by default, PHP will now check if the certificate is actually valid! That's quite a nice feature but a slight pain when you are mostly dealing with self-signed certificates. Now, I did go ahead and upgrade to an actual valid certificate!
Unfortunately, it seems that when you are using :
$config['default_host'] = 'ssl://localhost'; or $config['smtp_server'] = 'localhost';
The connection will fail because the hostname you provide isn't actually the one registered to the certificate? Now, I did have a workaround by replace 'localhost' by my external FQDN but that's very elegant or efficient. I'd rather see the connection stay internal if I can.
This link [1] does seem to provide some solutions and I've tried using :
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verfify_peer_name' => false, ), );
and
$config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), );
With no results so far. Is there something incredibly obvious that I'm missing?
Here is the error log : IMAP Error: Login failed for x@x from x. Could not connect to ssl://localhost:993: Unknown reason in x/rcube_imap.php on line 184 (POST /?_task=login?_task=login&_action=login)
I appreciate any help on the matter! Thank you
Links:
[1] https://bbs.archlinux.org/viewtopic.php?id=187063
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
On 10/28/2014 01:13 AM, admin wrote:
Hi gents,
I've just upgraded my server to PHP 5.6 and ran straight into the invalid cert issue. It seems that by default, PHP will now check if the certificate is actually valid! That's quite a nice feature but a slight pain when you are mostly dealing with self-signed certificates. Now, I did go ahead and upgrade to an actual valid certificate!
Some more on this: http://php.net//manual/en/migration56.openssl.php
This link https://bbs.archlinux.org/viewtopic.php?id=187063 does seem to provide some solutions and I've tried using :
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verfify_peer_name' => false,
^^
A typo here.
I'll be damned, that was it!
Thanks a lot!
For anyone who had the same issue, add the following to config.inc.php :
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), );
$config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), );
On 10/28/2014 3:35 AM, A.L.E.C wrote:
On 10/28/2014 01:13 AM, admin wrote:
Hi gents,
I've just upgraded my server to PHP 5.6 and ran straight into the invalid cert issue. It seems that by default, PHP will now check if the certificate is actually valid! That's quite a nice feature but a slight pain when you are mostly dealing with self-signed certificates. Now, I did go ahead and upgrade to an actual valid certificate!
Some more on this: http://php.net//manual/en/migration56.openssl.php
This link https://bbs.archlinux.org/viewtopic.php?id=187063 does seem to provide some solutions and I've tried using :
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verfify_peer_name' => false,
^^
A typo here.