MantisBT

ID: 0011952
Project: Tine 2.0
Category: Felamimail
View Status: public
Date Submitted: 2016-06-17 16:08
Last Update: 2017-04-27 09:17
Reporter: andyjh1222
Assigned To: pschuele
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Tine 03.3
OS: ubuntu 16.04
OS Version:
Product Version: Egon Community Edition (2016.03.3)
Target Version: 2016.11.7 Egon Business Edition
Fixed in Version: 2016.11.7 Egon Business Edition
Summary: 0011952: TLS doesn't work with Self-signed
Description: Imap and SMTP TLS doesn't work with Self-signed servers.

I added the following to Imap.php and Smtp.php and got it to work.

Can you merge into next release with a config option to allow self-signed?

(Felalmimail/Protocol/Imap.php)
(vendor/zendframework/zendframeworks1/library/Zend/Mail/Protocol/Smtp.php)

// Workaround: turns off certificate chain and host name checks and accepts self-signed certificates
stream_context_set_option($this->_socket, 'ssl', 'verify_peer', false);
stream_context_set_option($this->_socket, 'ssl', 'verify_peer_name', false);
stream_context_set_option($this->_socket, 'ssl', 'allow_self_signed', true);
Tags: No tags attached.

Relationships
duplicate of 0011586 (resolved, pschuele): PHP 5.6 breaks self-signed certificates (in that instance imap)
related to 0012984 (assigned, pschuele): fix config option IMAP_ALLOW_SELF_SIGNED_TLS_CERT

Notes
(0018190)
lab-at-nohl (developer)
2016-06-17 18:27

Thanks for reporting. This is known behavior for php in version >= 5.6 (see its changelog on php.net [1]). I had this issue in the beginning, too.

Could you please describe a use case where you need a self-signed certificate (cert) without trusting its certificate authority (ca)?

Explanation:

1) Trusted certs can be obtained by startssl or the "let's encrypt" project for free. Including 5 to unlimited subdomains.

2) Even if you stick with your cert you could make your server system trust the ca (which is probably self-signed as well). For details see [2].

3) There MAY BE rare cases where you need to accept one specific cert. But usually not, see [3].

I would propose to close this issue?

Regards
Johannes

[1]: http://php.net/manual/en/migration56.openssl.php

[2]: Beginning with php 5.6 SSL-Certificates are taken and checked from system cert store; this affects self-signed certificates and requests to localhost or directly to the Server-IP. Do NOT use 'localhost'. Make sure your services are still reachable over SSL/TLS and use curl to request the URL in question (curl can connect to IMAP, too) within the same environment as your Tine 2.0 installation is (curl and Tine 2.0 will check certificates against system storage).

[3]: Only if you are not root at your server and you can't change system cert store you may need to patch the sources manually. Otherwise you can always (even if a remote server is using self-signed certs) make your system to accept.
(0018192)
andyjh1222 (reporter)
2016-06-17 19:02

I use Virtualmin for a lot of webservers/email servers. I just use the generic virtualmin virtual server certificate generation which is self signed.

But yes I could do 0000002...

You can close. I'll just keep adding those lines to my instances.

thank you!
(0019906)
pschuele (administrator)
2017-04-20 13:34

we'll add this config option soon because we need it for CI testing.
(0019908)
pschuele (administrator)
2017-04-20 13:35

we also add infrastructure for adding additional socket context options there.
(0019930)
pschuele (administrator)
2017-04-26 14:12

to disable the certificate validation, you have to set the imap config like this (config.inc.php):

'imap' => array(
     // [...]
     'verifyPeer' => false
)
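
Added example (not code from Tine 2.0, Zend Framework, or any participant in this thread): the IMAP STARTTLS upgrade with verification left on, trusting the self-signed certificate through the `cafile` option as an alternative to the three lines in the description and to `'verifyPeer' => false`. The function names, the host, port 143 and the PEM path are assumptions made for illustration.

```php
<?php
// Added example, not Tine 2.0 or Zend Framework code. Host, port and PEM path are placeholders.
// SSL options with verification left on; trust comes from one PEM file.
function pinnedTlsOptions($host, $caFile)
{
    return [
        'verify_peer'       => true,    // validate the certificate chain
        'verify_peer_name'  => true,    // certificate must match $host
        'allow_self_signed' => false,   // no blanket exception
        'peer_name'         => $host,
        'cafile'            => $caFile, // self-signed server cert or its CA, PEM format
    ];
}

// Read one protocol line; throw on EOF or timeout.
function readLine($socket)
{
    $line = fgets($socket);
    if ($line === false) {
        throw new RuntimeException('connection closed or timed out');
    }
    return rtrim($line, "\r\n");
}

// Connect in plaintext, issue STARTTLS, then upgrade with certificate checks.
function imapStartTls($host, $port, $caFile)
{
    $socket = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10);
    if ($socket === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    stream_set_timeout($socket, 10);
    readLine($socket);                                   // server greeting
    fwrite($socket, "a1 STARTTLS\r\n");
    do { $reply = readLine($socket); } while (strpos($reply, 'a1 ') !== 0);
    if (stripos($reply, 'a1 OK') !== 0) {
        throw new RuntimeException("STARTTLS refused: $reply");
    }
    foreach (pinnedTlsOptions($host, $caFile) as $name => $value) {
        stream_context_set_option($socket, 'ssl', $name, $value);
    }
    // Returns false (and raises a warning) when the certificate does not verify.
    if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake or certificate verification failed');
    }
    return $socket;
}
if (PHP_SAPI === 'cli' && isset($argv[2])) {   // php example.php <host> <pem-file>
    fclose(imapStartTls($argv[1], 143, $argv[2]));
    echo "certificate verified, TLS session established\n";
}
```

The host passed in must match a name in the certificate, so connecting by IP address or as localhost fails the `verify_peer_name` check unless the certificate lists that name.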

Issue History
Date Modified Username Field Change
2016-06-17 16:08 andyjh1222 New Issue
2016-06-17 18:27 lab-at-nohl Note Added: 0018190
2016-06-17 19:02 andyjh1222 Note Added: 0018192
2016-06-17 19:56 lab-at-nohl Relationship added duplicate of 0011586
2017-04-20 13:32 pschuele Assigned To => pschuele
2017-04-20 13:32 pschuele Status new => assigned
2017-04-20 13:34 pschuele Note Added: 0019906
2017-04-20 13:34 pschuele Target Version => 2016.11.7 Egon Business Edition
2017-04-20 13:35 pschuele Note Added: 0019908
2017-04-26 13:34 pschuele Status assigned => resolved
2017-04-26 13:34 pschuele Fixed in Version => 2016.11.7 Egon Business Edition
2017-04-26 13:34 pschuele Resolution open => fixed
2017-04-26 13:37 pschuele Status resolved => gerrit
2017-04-26 14:12 pschuele Note Added: 0019930
2017-04-26 14:12 pschuele Status gerrit => resolved
2017-04-27 09:17 pschuele Issue cloned: 0012984
2017-04-27 09:17 pschuele Relationship added related to 0012984

