[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

squirrelmail problem -- updated php5.6 from dotdeb.org on wheezy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

# cat /etc/debian_version
7.9


I recently updated php 5.4 to 5.6 via dotdebs [1], these are the
package differences

  libapache2-mod-php5    5.4.45-0+deb7u1                   amd64
  php5-cli               5.4.45-0+deb7u1                   amd64
  php5-common            5.4.45-0+deb7u1                   amd64

  libapache2-mod-php5    5.6.14-1~dotdeb+zts+7.1           amd64
  php5-cli               5.6.14-1~dotdeb+zts+7.1           amd64
  php5-common            5.6.14-1~dotdeb+zts+7.1           amd64


Having done that, squirrelmail won't login properly.

This is the SM error when I try to login:

    Error connecting to IMAP server: tls://localhost.
                          0 :

These are the SM packages that I have installed:

squirrelmail 2:1.4.23~svn20120406-2 all
squirrelmail-compatibility 2.0.16-1 all
squirrelmail-locales 1.4.18-20090526-1 all
squirrelmail-viewashtml 3.8-3 all



Now I do use a self-signed certificate with my own root CA setup, the
root certificate is installed and added to the cert store as follows:


# cd /usr/share/ca-crtificates
# mkdir affinity
# cd affinity
# wget http://affinityvision.com.au/ca.crt
# mv ca.crt affinity-root-ca.crt

I used "dpkg-reconfigure ca-certificates" to add it in okay.


Tested okay [using proper domain name] with:
# openssl s_client -connect mail.example.com:443 -CApath /etc/ssl/certs


Everything else on the mail server is running as expected.


I am using dovecot, that otherwise seems to be fine outside of SM.

dovecot-common         1:2.1.7-7+deb7u1                  all
dovecot-core           1:2.1.7-7+deb7u1                  amd64
dovecot-imapd          1:2.1.7-7+deb7u1                  amd64
dovecot-ldap           1:2.1.7-7+deb7u1                  amd64
dovecot-pop3d          1:2.1.7-7+deb7u1                  amd64
dovecot-sieve          1:2.1.7-7+deb7u1                  amd64


I did find quite an old reference saying to not use STARTTLS but that
no longer seems valid, that reference said that SM didn't support
STARTTLS ... it was supporting it fine before I upgraded PHP --
besides I must use TLS, even though I am using https to get to the SM
server.

I think the problem is how PHP5.6 handles certificate checking,
particularly when using self-signed certificates; I would like to fix
this and continue using my own root CA and certificates for now.  In
time, I may go with a letsencrypt [2] option, but that isn't publicly
available to anyone yet, it is in limited beta.


Any ideas on how to fix this problem and get SM working again?


[1] https://www.dotdeb.org/instructions/
[2] https://letsencrypt.org/ -- NB: not yet in use

Thanks and Kind Regards
AndrewM

-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlY/IzMACgkQqBZry7fv4vts1gD/ZD+Czt3wZwOVqcO4DBIsGZXl
P/DegiQjk678JNyoSHUA+wRmr+4YNFibIAKhPU/kQjXPoadsu06MC/1ZOlvDE4zW
=Q0gp
-----END PGP SIGNATURE-----
Reply to: