squirrelmail problem -- updated php5.6 from dotdeb.org on wheezy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
# cat /etc/debian_version
7.9
I recently updated php 5.4 to 5.6 via dotdebs [1], these are the
package differences
libapache2-mod-php5 5.4.45-0+deb7u1 amd64
php5-cli 5.4.45-0+deb7u1 amd64
php5-common 5.4.45-0+deb7u1 amd64
libapache2-mod-php5 5.6.14-1~dotdeb+zts+7.1 amd64
php5-cli 5.6.14-1~dotdeb+zts+7.1 amd64
php5-common 5.6.14-1~dotdeb+zts+7.1 amd64
Having done that, squirrelmail won't login properly.
This is the SM error when I try to login:
Error connecting to IMAP server: tls://localhost.
0 :
These are the SM packages that I have installed:
squirrelmail 2:1.4.23~svn20120406-2 all
squirrelmail-compatibility 2.0.16-1 all
squirrelmail-locales 1.4.18-20090526-1 all
squirrelmail-viewashtml 3.8-3 all
Now I do use a self-signed certificate with my own root CA setup, the
root certificate is installed and added to the cert store as follows:
# cd /usr/share/ca-crtificates
# mkdir affinity
# cd affinity
# wget http://affinityvision.com.au/ca.crt
# mv ca.crt affinity-root-ca.crt
I used "dpkg-reconfigure ca-certificates" to add it in okay.
Tested okay [using proper domain name] with:
# openssl s_client -connect mail.example.com:443 -CApath /etc/ssl/certs
Everything else on the mail server is running as expected.
I am using dovecot, that otherwise seems to be fine outside of SM.
dovecot-common 1:2.1.7-7+deb7u1 all
dovecot-core 1:2.1.7-7+deb7u1 amd64
dovecot-imapd 1:2.1.7-7+deb7u1 amd64
dovecot-ldap 1:2.1.7-7+deb7u1 amd64
dovecot-pop3d 1:2.1.7-7+deb7u1 amd64
dovecot-sieve 1:2.1.7-7+deb7u1 amd64
I did find quite an old reference saying to not use STARTTLS but that
no longer seems valid, that reference said that SM didn't support
STARTTLS ... it was supporting it fine before I upgraded PHP --
besides I must use TLS, even though I am using https to get to the SM
server.
I think the problem is how PHP5.6 handles certificate checking,
particularly when using self-signed certificates; I would like to fix
this and continue using my own root CA and certificates for now. In
time, I may go with a letsencrypt [2] option, but that isn't publicly
available to anyone yet, it is in limited beta.
Any ideas on how to fix this problem and get SM working again?
[1] https://www.dotdeb.org/instructions/
[2] https://letsencrypt.org/ -- NB: not yet in use
Thanks and Kind Regards
AndrewM
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlY/IzMACgkQqBZry7fv4vts1gD/ZD+Czt3wZwOVqcO4DBIsGZXl
P/DegiQjk678JNyoSHUA+wRmr+4YNFibIAKhPU/kQjXPoadsu06MC/1ZOlvDE4zW
=Q0gp
-----END PGP SIGNATURE-----
Reply to: