[Tickets #14206] Re: TLS no longer works with self-signed certificates

noreply at bugs.horde.org noreply at bugs.horde.org
Mon Jan 4 15:32:37 UTC 2016



Ticket URL: https://bugs.horde.org/ticket/14206
------------------------------------------------------------------------------
  Ticket             | 14206
  Updated By         | aaronp at critd.com
  Summary            | TLS no longer works with self-signed certificates
  Queue              | Ingo
  Version            | Git master
  Type               | Enhancement
  State              | Resolved
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


aaronp at critd.com (2016-01-04 15:32) wrote:

Sorry, but I need to open this ticket again. I was not testing  
correctly, and it turns out the problem was still happening.

After more research and adding a little debug in  
Horde/Socket/Client.php, I discovered that my problem is that  
startTls() never gets called when making a sieve connection in Ingo. I  
then discovered that, of course, Ingo is actually using Net_Sieve to  
connect and not Horde_Socket_Client. I then started passing the same  
verify_peer and verify_peer_name TLS options, and now TLS works with  
Ingo. Here is a clip from my lib/Transport/Timsieved.php starting at  
line 60:

<SNIP>
     protected function _connect()
     {
         if (!empty($this->_sieve)) {
             return;
         }

         $options = array(
             'ssl' => array(
                 'verify_peer' => false,
                 'verify_peer_name' => false
             )
         );

         $auth = empty($this->_params['admin'])
             ? $this->_params['username']
             : $this->_params['admin'];

         $this->_sieve = new Net_Sieve(
             $auth,
             $this->_params['password'],
             $this->_params['hostspec'],
             $this->_params['port'],
             $this->_params['logintype'],
             $this->_params['euser'],
             $this->_params['debug'],
             false,
             $this->_params['usetls'],
             $options,
             array($this, 'debug')
         );
</SNIP>

This was quick and dirty. Maybe you would prefer to pass this kind of  
thing through the constructor? Either way, I think this or something  
similar should be added for the next release. Thanks!
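
An added example, not part of the original message or of Ingo's code: a helper that builds the same `$options` array but keeps peer verification on by trusting the self-signed certificate explicitly. The function name and the `tls_cafile`, `tls_fingerprint` and `tls_peer_name` keys are hypothetical configuration names; the `ssl` keys it emits are PHP's standard stream context options.

```php
<?php
// Added example: builds the 'ssl' context options passed as $options in the
// snippet above. The keys tls_cafile, tls_fingerprint and tls_peer_name are
// hypothetical configuration names, not existing Ingo parameters.
function build_sieve_tls_options(array $params)
{
    // Keep verification on by default.
    $ssl = array(
        'verify_peer' => true,
        'verify_peer_name' => true,
    );

    // Trust anchor: a PEM file holding the server's self-signed certificate.
    if (!empty($params['tls_cafile'])) {
        if (!is_readable($params['tls_cafile'])) {
            throw new InvalidArgumentException(
                'CA file not readable: ' . $params['tls_cafile']
            );
        }
        $ssl['cafile'] = $params['tls_cafile'];
    }

    // Optional pin: SHA-256 digest of the certificate, as hex.
    if (!empty($params['tls_fingerprint'])) {
        $fp = strtolower(str_replace(':', '', $params['tls_fingerprint']));
        if (!preg_match('/^[0-9a-f]{64}$/', $fp)) {
            throw new InvalidArgumentException('Expected a SHA-256 hex digest');
        }
        $ssl['peer_fingerprint'] = array('sha256' => $fp);
    }

    // Name to match when the certificate's CN/SAN differs from hostspec.
    if (!empty($params['tls_peer_name'])) {
        $ssl['peer_name'] = $params['tls_peer_name'];
    }

    return array('ssl' => $ssl);
}

// Constructed sample values; the temp file stands in for the server's PEM.
$cafile = tempnam(sys_get_temp_dir(), 'sieve-ca');
$options = build_sieve_tls_options(array(
    'tls_cafile' => $cafile,
    'tls_fingerprint' => str_repeat('ab', 32),
    'tls_peer_name' => 'sieve.example.test',
));
// The array is accepted as-is by PHP's stream context API.
print_r(stream_context_get_options(stream_context_create($options)));
unlink($cafile);
```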




