Re: [RCU] roundcube custom tls verification options
On 09.04.2018 02:37, David Mehler wrote: > what I'm wanting to do is tighten my tls verification options. My > domains each use a different letsencrypt certificate. Depending on your platform, you could do without any special Roundube configuration. With modern Linux distributions like Gentoo this works: 1. Download LE root CA cert from https://letsencrypt.org/certificates/ 2. Save cert in /usr/local/share/ca-certificates (you might need to create this directory) with '.crt' name suffix. (*) 3. Run 'update-ca-certificates --fresh' as root. 4. Restart your web server. With that, Let's Encrypt is configured as a locally trusted CA for libssl, and in the Roundube configuration only $config['default_host'] = 'ssl://imap.horus-it.com'; is then required, if you match the host name of your certificate. This method benefits any process on your server that uses libssl. -Ralph (*) See 'man 8 update-ca-certificates'. ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] roundcube custom tls verification options
Hello, Thanks for everyone's replies. What is wrong with this code? I keep getting a syntax error, it wants a ) not a , Thanks. Dave. array( 'verify_peer' => true, // certificate is not self-signed if cafile provided 'allow_self_signed' => false, // Letsencrypt 'ssl_cert => '/path/to/letsencrypt/fullchain.pem' 'ssl_key' => '/path/to/letsencrypt/privkey.pem', 'ciphers' => 'TLSv1.2:@STRENGTH', 'peer_name' => 'imap.domain.com', ) ); // For STARTTLS SMTP $config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, // certificate is not self-signed if cafile provided 'allow_self_signed' => false, // Letsencrypt 'ssl_cert => '/path/to/letsencrypt/fullchain.pem', 'ssl_key' => '/path/to/letsencrypt/privkey.pem', 'ciphers' => 'TLSv1.2:@STRENGTH', 'peer_name' => 'smtp.domain.com', ), ); On 4/9/18, Ralph Seichter wrote: > On 09.04.2018 02:37, David Mehler wrote: > >> what I'm wanting to do is tighten my tls verification options. My >> domains each use a different letsencrypt certificate. > > Depending on your platform, you could do without any special Roundube > configuration. With modern Linux distributions like Gentoo this works: > > 1. Download LE root CA cert from https://letsencrypt.org/certificates/ > 2. Save cert in /usr/local/share/ca-certificates (you might need to > create this directory) with '.crt' name suffix. (*) > 3. Run 'update-ca-certificates --fresh' as root. > 4. Restart your web server. > > With that, Let's Encrypt is configured as a locally trusted CA for > libssl, and in the Roundube configuration only > > $config['default_host'] = 'ssl://imap.horus-it.com'; > > is then required, if you match the host name of your certificate. This > method benefits any process on your server that uses libssl. > > -Ralph > > (*) See 'man 8 update-ca-certificates'. > ___ > Roundcube Users mailing list > users@lists.roundcube.net > http://lists.roundcube.net/mailman/listinfo/users > ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Roundcube Carddav and Enigma plugins
Hello, Whenever I enable carddav plugin it's looking like a dns error. Here's what I'm getting in the error log: [09-Apr-2018 12:22:06 America/New_York] PHP Warning: dns_get_record(): DNS Query failed in /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line 207 [09-Apr-2018 12:22:06 America/New_York] PHP Warning: usort() expects parameter 1 to be array, boolean given in /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line 220 [09-Apr-2018 12:22:06 America/New_York] PHP Warning: Invalid argument supplied for foreach() in /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line 224 [09-Apr-2018 12:22:06 America/New_York] PHP Warning: dns_get_record(): DNS Query failed in /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line 252 [09-Apr-2018 12:22:06 America/New_York] PHP Warning: Invalid argument supplied for foreach() in /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line 253 Any suggestions welcome. I am running my own local resolving dns. Thanks. Dave. On 4/9/18, A.L.E.C wrote: > On 09.04.2018 02:40, David Mehler wrote: >> Hello, >> >> I'm wanting to get the carddav and enigma plugins going. >> >> When I turn on carddav then attempt a log in I get a blank screen. > > There's usually an error in some log in such cases. > >> Whenever I turn on enigma I am wanting to make keys, this does not >> appear possible. > > What do you mean? Do you get some error message? What's in log? Or > controls are disabled? Or what? > > -- > Aleksander 'A.L.E.C' Machniak > Kolab Groupware Developer [http://kolab.org] > Roundcube Webmail Developer [http://roundcube.net] > > PGP: 19359DC1 # Blog: https://kolabian.wordpress.com > ___ > Roundcube Users mailing list > users@lists.roundcube.net > http://lists.roundcube.net/mailman/listinfo/users > ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Roundcube Carddav and Enigma plugins
Hello, Whenever I go to settings then pgp keys and try to create a keypair (using IE11) I get the message can not create keypair browser does not support cryptography. Serverside I'm using gnupg 2.25. Using firefox keypair generated and was imported successfully. I'm wondering if there's an ie11 fix as some of my clients will undoubtedly use it. Thanks. Dave. On 4/9/18, David Mehler wrote: > Hello, > > Whenever I enable carddav plugin it's looking like a dns error. Here's > what I'm getting in the error log: > > [09-Apr-2018 12:22:06 America/New_York] PHP Warning: > dns_get_record(): DNS Query failed in > /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line > 207 > [09-Apr-2018 12:22:06 America/New_York] PHP Warning: usort() expects > parameter 1 to be array, boolean given in > /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line > 220 > [09-Apr-2018 12:22:06 America/New_York] PHP Warning: Invalid argument > supplied for foreach() in > /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line > 224 > [09-Apr-2018 12:22:06 America/New_York] PHP Warning: > dns_get_record(): DNS Query failed in > /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line > 252 > [09-Apr-2018 12:22:06 America/New_York] PHP Warning: Invalid argument > supplied for foreach() in > /usr/local/www/roundcube/plugins/carddav/carddav_discovery.php on line > 253 > > > Any suggestions welcome. I am running my own local resolving dns. > > Thanks. > Dave. > > > On 4/9/18, A.L.E.C wrote: >> On 09.04.2018 02:40, David Mehler wrote: >>> Hello, >>> >>> I'm wanting to get the carddav and enigma plugins going. >>> >>> When I turn on carddav then attempt a log in I get a blank screen. >> >> There's usually an error in some log in such cases. >> >>> Whenever I turn on enigma I am wanting to make keys, this does not >>> appear possible. >> >> What do you mean? Do you get some error message? What's in log? Or >> controls are disabled? Or what? >> >> -- >> Aleksander 'A.L.E.C' Machniak >> Kolab Groupware Developer [http://kolab.org] >> Roundcube Webmail Developer [http://roundcube.net] >> >> PGP: 19359DC1 # Blog: https://kolabian.wordpress.com >> ___ >> Roundcube Users mailing list >> users@lists.roundcube.net >> http://lists.roundcube.net/mailman/listinfo/users >> > ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Roundcube Carddav and Enigma plugins
On 10.04.2018 00:10, David Mehler wrote: > Hello, > > Whenever I go to settings then pgp keys and try to create a keypair > (using IE11) I get the message can not create keypair browser does not > support cryptography. Serverside I'm using gnupg 2.25. > > Using firefox keypair generated and was imported successfully. > > I'm wondering if there's an ie11 fix as some of my clients will > undoubtedly use it. We check for window.crypto support here https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/enigma.js#L154 IE11 supports this functionality via window.msCrypto. So, maybe the solution would be to just change the check. I'm not sure if there's anything more to do to make openpgpjs library we use working in IE11. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] PGP: 19359DC1 # Blog: https://kolabian.wordpress.com ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users