[Tickets #14430] Re: pear upgrade-all fails re: certificate verify failed

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Sep 7 15:03:07 UTC 2016 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14430
------------------------------------------------------------------------------
  Ticket             | 14430
  Updated By         | g.tranelli at inarcassa.it
  Summary            | pear upgrade-all fails re: certificate verify failed
  Queue              | Horde.org Servers
  Version            | PEAR server
  Type               | Bug
  State              | Not A Bug
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


g.tranelli at inarcassa.it (2016-09-07 15:03) wrote:

>> We cannot upgrade Horde using "pear upgrade-all" on a new CentOS 7
>> server. I suspect that it's related to this:
>>
>> http://php.net/manual/en/migration56.openssl.php
>>
>>
>> Specifically, pear is complaining that the certificate used by
>> pear.horde.org cannot be verified as it's self-signed.
>
>
> pear.horde.org does not contain a self-signed cert. It's signed by  
> letsencrypt.
>
> Perhaps you need to add the certificate chain to your system?
>
>> Here is some more information:
>>
>> [root at www001 ~]# pear -V
>> PEAR Version: 1.10.1
>> PHP Version: 5.6.24
>> Zend Engine Version: 2.6.0
>> Running on: Linux www001 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12
>> 11:03:55 UTC 2016 x86_64
>> [root at www001 ~]# pear -vvv upgrade-all
>> ...
>> Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error
>> messages:
>> error:14090086:SSL routines:ssl3_get_server_certificate:certificate
>> verify failed in PEAR/REST.php on line 432
>>
>> Warning: fsockopen(): Failed to enable crypto in PEAR/REST.php on line 432
>>
>> Warning: fsockopen(): unable to connect to ssl://pear.horde.org:443
>> (Unknown error) in PEAR/REST.php on line 432
>> Error getting channel info from pear.horde.org: Connection to
>> `ssl://pear.horde.org:443' failed:
>> ...
>>
>>
>> This is a serious issue for us, as we're not able to apply
>> maintenance upgrade to our webmail software at this time. Thanks.
>


I have the same issue on RHEL6.8.
What do you mean "you need to add the certificate chain to your system?"

Thanks

More information about the bugs mailing list