[horde] Free Busy URL and self signed SSL cert
Jan Schneider
jan at horde.org
Tue Mar 20 08:17:08 UTC 2012
Zitat von Ralf Lang <lang at b1-systems.de>:
>> At least for me the link above downloads without any problems except
>> that browser complains certificate is not valid. If you had installed CA
>> into the browser you should be fine here. I don't believe that
>> Kronolith uses SSL for Free Busy generation at all, so the error
>> message must come from the browser.
>>
>> Maybe you are having cache issue? Try clearing temporary files on the
>> browser.
>
> I experience the same: Everything alright. No error, no cry.
> SSL handling is transparent to kronolith code.
It may depend on the Horde_Http_Client backend that's being used. This
could be curl, http extension, or fopen(). They may handle certs and
self-signed failures differently.
>>> Horde config $conf[openssl][cafile] is set to /etc/pki/tls/certs. The
>>> explanatory text for that says: "The location of the root certificates
>>> bundle, e.g. /etc/ssl/certs." Does this mean that Horde only checks
>>> the CA-bundle file located in that folder and installed by the openssl
>>> package, or does it parse that directory for all valid hashed certs?
>>> If the latter, then this should verify without any problem...
>>
>> AFAIK this should be set to the CA certificate file, not the directory.
>>
> Really? Then we should change the explanation.
No, a directory is fine, but this is only used explicitly in
Horde_Crypt. Horde_Http_Client delegates HTTPS access to the
underlying backend.
Jan.
--
The Horde Project
http://www.horde.org/
More information about the horde
mailing list