View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0011952||Tine 2.0||Felamimail||public||2016-06-17 16:08||2017-04-27 09:17|
|Platform||Tine 03.3||OS||ubuntu 16.04||OS Version|
|Product Version||Egon Community Edition (2016.03.3)|
|Target Version||2016.11.7 Egon Business Edition||Fixed in Version||2016.11.7 Egon Business Edition|
|Summary||0011952: TLS doesn't work with Self-signed|
|Description||Imap and SMTP TLS doesn't work with Self-signed servers.|
I added the following to Imap.php and Smtp.php and got it to work.
Can you merge into next release with a config option to allow self-signed?
stream_context_set_option($this->_socket, 'ssl', 'verify_peer', false);
stream_context_set_option($this->_socket, 'ssl', 'verify_peer_name', false);
stream_context_set_option($this->_socket, 'ssl', 'allow_self_signed', true);
|Tags||No tags attached.|
Thanks for reporting. This is known behavior for php in version >= 5.6 (see its changelog on php.net). I had this issue in the beginning, too.
Could you please describe a use case where you need a self-signed certificate (cert) without trusting its certificate authority (ca)?
1) Trusted certs can be obtained by startssl or the "let's encrypt" project for free. Including 5 to unlimited subdomains.
2) Even if you stick with your cert you could make your server system trust the ca (which is probably self-signed as well). For details see .
3) There MAY BE rare cases where you need to accept one specific cert. But usually not, see .
I would propose to close this issue?
: Beginning with php 5.6 SSL-Certificates are taken and checked from system cert store; this affects self-signed certificates and requests to localhost or directly to the Server-IP. Do NOT use 'localhost'. Make sure your services are still reachable over SSL/TLS and use curl to request the URL in question (curl can connect to IMAP, too) within the same environment as your Tine 2.0 installation is (curl and Tine 2.0 will check certificates against system storage).
: Only if you are not root at your server and you can't change system cert store you may need to patch the sources manually. Otherwise you can always (even if a remote server is using self-signed certs) make your system to accept.
I use Virtualmin for a lot of webservers/email servers. I just use the generic Virtualmin virtual server certificate generation, which is self-signed.
But yes, I could do 0000002...
You can close. I'll just keep adding those lines to my instances.
|we'll add this config option soon because we need it for CI testing.|
|we also add infrastructure for adding additional socket context options there.|
To disable the certificate validation, you have to set the imap config like this (config.inc.php):
'imap' => array(
    'verifyPeer' => false
),
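Option 2 from the earlier note, scoped to one connection instead of the system cert store, as an added example (not Tine 2.0's code): verification stays on and the self-signed certificate is supplied as the trust anchor through PHP's `cafile` context option. The function names, host name and file path are assumptions.

```php
<?php
// Added example; not Tine 2.0 code. Function names are hypothetical.

/**
 * SSL context options that keep verification on and trust exactly one
 * self-signed certificate (or private CA) stored as PEM in $caFile.
 */
function pinnedTlsOptions(string $caFile, string $peerName): array
{
    if (!is_readable($caFile)) {
        throw new InvalidArgumentException("CA file not readable: $caFile");
    }
    return [
        'verify_peer'       => true,
        'verify_peer_name'  => true,      // name must match the cert's CN/SAN
        'allow_self_signed' => false,
        'cafile'            => $caFile,   // trust anchor for this connection only
        'peer_name'         => $peerName,
    ];
}

/** Apply the options to a connected socket and upgrade it to TLS. */
function startTlsVerified($socket, array $sslOptions): void
{
    foreach ($sslOptions as $name => $value) {
        stream_context_set_option($socket, 'ssl', $name, $value);
    }
    if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake or certificate verification failed');
    }
}

// Usage: php check.php mail.example.test /etc/ssl/local/mail-selfsigned.pem
// (host and path are placeholders). Speaks just enough IMAP to reach STARTTLS.
if (PHP_SAPI === 'cli' && $argc === 3) {
    [, $host, $caFile] = $argv;
    $socket = stream_socket_client("tcp://$host:143", $errno, $errstr, 10);
    if ($socket === false) {
        exit("connect failed: $errstr\n");
    }
    fgets($socket);                         // server greeting
    fwrite($socket, "a1 STARTTLS\r\n");
    if (strpos((string) fgets($socket), 'a1 OK') !== 0) {
        exit("server refused STARTTLS\n");
    }
    startTlsVerified($socket, pinnedTlsOptions($caFile, $host));
    echo "TLS established with certificate verification enabled\n";
}
```

Unlike `'verifyPeer' => false`, this fails the handshake when the server's certificate does not chain to the PEM file or the host name does not match it.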
|2016-06-17 16:08||andyjh1222||New Issue|
|2016-06-17 18:27||lab-at-nohl||Note Added: 0018190|
|2016-06-17 19:02||andyjh1222||Note Added: 0018192|
|2016-06-17 19:56||lab-at-nohl||Relationship added||duplicate of 0011586|
|2017-04-20 13:32||pschuele||Assigned To||=> pschuele|
|2017-04-20 13:32||pschuele||Status||new => assigned|
|2017-04-20 13:34||pschuele||Note Added: 0019906|
|2017-04-20 13:34||pschuele||Target Version||=> 2016.11.7 Egon Business Edition|
|2017-04-20 13:35||pschuele||Note Added: 0019908|
|2017-04-26 13:34||pschuele||Status||assigned => resolved|
|2017-04-26 13:34||pschuele||Fixed in Version||=> 2016.11.7 Egon Business Edition|
|2017-04-26 13:34||pschuele||Resolution||open => fixed|
|2017-04-26 13:37||pschuele||Status||resolved => gerrit|
|2017-04-26 14:12||pschuele||Note Added: 0019930|
|2017-04-26 14:12||pschuele||Status||gerrit => resolved|
|2017-04-27 09:17||pschuele||Issue cloned: 0012984|
|2017-04-27 09:17||pschuele||Relationship added||related to 0012984|