[Tickets #14206] Re: TLS no longer works with self-signed certificates
noreply at bugs.horde.org
noreply at bugs.horde.org
Mon Jan 4 15:32:37 UTC 2016
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14206
------------------------------------------------------------------------------
Ticket | 14206
Updated By | aaronp at critd.com
Summary | TLS no longer works with self-signed certificates
Queue | Ingo
Version | Git master
Type | Enhancement
State | Resolved
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
aaronp at critd.com (2016-01-04 15:32) wrote:
Sorry, but I need to open this ticket again. I was not testing
correctly, and it turns out the problem was still happening.
After more research and adding a little debug in
Horde/Socket/Client.php, I discovered that my problem is that
startTls() never gets called when making a sieve connection in Ingo. I
then discovered that, of course, Ingo is actually using Net_Sieve to
connect and not Horde_Socket_Client. I then started passing the same
verify_peer and verify_peer_name TLS options, and now TLS works with
Ingo. Here is a clip from my lib/Transport/Timsieved.php starting at
line 60:
<SNIP>
protected function _connect()
{
if (!empty($this->_sieve)) {
return;
}
$options = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false
)
);
$auth = empty($this->_params['admin'])
? $this->_params['username']
: $this->_params['admin'];
$this->_sieve = new Net_Sieve(
$auth,
$this->_params['password'],
$this->_params['hostspec'],
$this->_params['port'],
$this->_params['logintype'],
$this->_params['euser'],
$this->_params['debug'],
false,
$this->_params['usetls'],
$options,
array($this, 'debug')
);
</SNIP>
This was quick and dirty. Maybe you would prefer to pass this kind of
thing through the constructor? Either way, I think this or something
similar should be added for the next release. Thanks!
More information about the bugs
mailing list