Ralph Seichter <m16+roundc...@monksofcool.net> wrote:

> With Roundcube 1.3.0 and PHP 5.6.31, I keep seeing errors like the
> following in my logs:
> 
> Aug 10 11:00:31 myhost roundcube: <0ho1kdmf> IMAP Error:
> Login failed for username from [ip-address]. Could not connect
> to ssl://imap.some.domain:993: Unknown reason in
> /var/www/roundcubemail/program/lib/Roundcube/rcube_imap.php
> on line 196 (POST /rcm/?_task=login&_action=login)
> 
> Outgoing SMTP TLS connections from Roundcube are affected, too. This is
> probably caused by how PHP 5.6 verifies certificates. I have tried
> configuring openssl.cafile=/etc/ssl/certs/ca-certificates.crt and/or
> openssl.capath=/etc/ssl/certs in php.ini with world-readable certificate
> chains, but no dice. I am positive that the IMAP and SMTP servers
> (Dovecot and Postfix, respectively) are configured correctly, because
> MUAs like Thunderbird or iOS Mail connect successfully.
> 
> When I include the following workaround in config.inc.php Roundcube can
> connect to the IMAP server:
> 
> $config['default_host'] = 'ssl://imap.some.domain';
> $config['imap_conn_options'] = array(
> 'ssl' => array(
>  'verify_peer' => false,
> ),
> );
> 
> Does anybody here know how to debug and fix this? Other people seem to
> have this problem as well, but disabling peer verification was the only
> recommendation I could find so far, and for obvious reasons I would like
> to avoid that.

I did struggle for a long time as well ;-)

Here's my "HOWTO" in config.inc.php, and please note that my roundcube/nginx
and both postfix/dovecot (10.10.10.2) run in different FreeBSD jails. Thus you
might need to stick with localhost:

// GRIMM (howto)
//
//      ssl:    explicit SSL
//      tls:    implicit STARTTLS
//
//      peer_name:
//              openssl s_client -connect 10.10.10.2:993 will show Common Name (CN)
//              of peer's certificate, and that name will become peer_name
//
//      IMPORTANT: pkg install ca_root_nss
//
// GRIMM (modified from 'localhost')
$config['default_host'] = 'ssl://10.10.10.2';
// GRIMM (end)

// GRIMM (added)
$config['imap_conn_options'] = array(
    'ssl' => array(
            'peer_name' => 'my-peer-name-shown-from-command-above',
    ),
);
// GRIMM (end)

// TCP port used for IMAP connections
// GRIMM (modified from 143)
$config['default_port'] = 993;
// GRIMM (end)

// SMTP server host (for sending mails).
// GRIMM (modified from '')
$config['smtp_server'] = 'tls://10.10.10.2';
// GRIMM (end)

// GRIMM (added)
$config['smtp_conn_options'] = array(
    'ssl' => array(
            'peer_name' => 'my-peer-name-shown-from-command-above',
    ),
);
// GRIMM (end)

// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
// GRIMM (modified from 25)
$config['smtp_port'] = 587;
// GRIMM (end)


HTH and regards,
Michael
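
An added example, not part of either message and not Roundcube code: a small PHP probe that opens the IMAPS port with the same kind of `ssl` stream-context options Roundcube takes in `imap_conn_options`, prints the verification warnings PHP otherwise hides behind "Unknown reason", and lists the names in the server certificate. The name `imap.example.org`, the CA bundle path and the function name `probe_tls` are placeholders and assumptions; the probe covers implicit TLS (`ssl://`) only, not STARTTLS on 587.

```php
<?php
// Added example, not Roundcube code. Host, port, name and CA path are
// placeholders (assumptions); the probe covers implicit TLS (ssl://) only.
function probe_tls($host, $port, array $ssl)
{
    $ssl += array('capture_peer_cert' => true);
    $ctx = stream_context_create(array('ssl' => $ssl));
    // PHP reports certificate verification failures as warnings; collect them.
    $warnings = array();
    set_error_handler(function ($no, $msg) use (&$warnings) {
        $warnings[] = $msg;
        return true;
    });
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    $result = array('ok' => $fp !== false, 'warnings' => $warnings,
                    'cn' => null, 'san' => null);
    if ($fp !== false) {
        $params = stream_context_get_params($fp);
        $cert = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
        $result['cn'] = isset($cert['subject']['CN']) ? $cert['subject']['CN'] : null;
        $result['san'] = isset($cert['extensions']['subjectAltName'])
            ? $cert['extensions']['subjectAltName'] : null;
        fclose($fp);
    }
    return $result;
}

$host   = '10.10.10.2';                         // address Roundcube connects to
$port   = 993;
$name   = 'imap.example.org';                   // placeholder for the certificate name
$cafile = '/etc/ssl/certs/ca-certificates.crt'; // placeholder CA bundle path

$cases = array(
    // Diagnostic read only, to list the names the certificate carries.
    'read names (no verification)' => array('verify_peer' => false, 'verify_peer_name' => false),
    // PHP 5.6 defaults: verified against the connect address, here the IP.
    'verify, default peer_name' => array('cafile' => $cafile),
    // Verification stays on; only the expected name is overridden.
    'verify, peer_name set' => array('cafile' => $cafile, 'peer_name' => $name),
);
foreach ($cases as $label => $ssl) {
    $r = probe_tls($host, $port, $ssl);
    printf("%-30s %s  CN=%s  SAN=%s\n", $label, $r['ok'] ? 'OK' : 'FAILED', $r['cn'], $r['san']);
    foreach ($r['warnings'] as $w) {
        echo "    $w\n";
    }
}
```

Run it with the same PHP configuration the web server uses, since the CLI often loads a different php.ini and therefore different `openssl.cafile` and `openssl.capath` values. If the third case passes while the second fails, the chain is trusted and only the name differs, which is the situation `peer_name` addresses without turning verification off.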


