Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6

Thu, 10 Aug 2017 10:00:54 -0700

I had the same problems until a saint suggested me to stop using self signed certificates and start using Let's Encrypt. It's completely free and you can create a strong signed certificates in minutes. 
There are also several ways to create an automatic renewal process.
I switched from self signed certificates to strong certificate signed by an authority for free in less than an hour. 

This guide has everything you need to know.
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

Bye
Davide
In data 10 agosto 2017 3:46:12 PM Ralph Seichter <[email protected]> ha scritto: 


With Roundcube 1.3.0 and PHP 5.6.31, I keep seeing errors like the
following in my logs:

  Aug 10 11:00:31 myhost roundcube: <0ho1kdmf> IMAP Error:
  Login failed for username from [ip-address]. Could not connect
  to ssl://imap.some.domain:993: Unknown reason in
  /var/www/roundcubemail/program/lib/Roundcube/rcube_imap.php
  on line 196 (POST /rcm/?_task=login&_action=login)

Outgoing SMTP TLS connections from Roundcube are affected, too. This is
probably caused by how PHP 5.6 verifies certificates. I have tried
configuring openssl.cafile=/etc/ssl/certs/ca-certificates.crt and/or
openssl.capath=/etc/ssl/certs in php.ini with world-readable certificate
chains, but no dice. I am positive that the IMAP and SMTP servers
(Dovecot and Postfix, respectively) are configured correctly, because
MUAs like Thunderbird or iOS Mail connect successfully.

When I include the following workaround in config.inc.php Roundcube can
connect to the IMAP server:

  $config['default_host'] = 'ssl://imap.some.domain';
  $config['imap_conn_options'] = array(
    'ssl' => array(
      'verify_peer' => false,
    ),
  );

Does anybody here know how to debug and fix this? Other people seem to
have this problem as well, but disabling peer verification was the only
recommendation I could find so far, and for obvious reasons I would like
to avoid that.

-Ralph
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users


_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users

Reply via email to