[horde] Free Busy URL and self signed SSL cert

Vilius Šumskas vilius at lnk.lt
Tue Mar 20 09:20:50 UTC 2012


> > Zitat von Ralf Lang <lang at b1-systems.de>:
> > >
> > >>> At least for me the link above downloads without any problems except
> > >>> that browser complains certificate is not valid. If you had installed CA
> > >>> into the browser you should be fine here. I don't believe that
> > >>> Kronolith uses SSL for Free Busy generation at all, so the error
> > >>> message must come from the browser.
> > >>>
> > >>> Maybe you are having cache issue? Try clearing temporary files on the
> > >>> browser.
> >
> > I have cleared browser cache.
> >
> > The PC trusts the CA - see http://www.simonandkate.net/img/trust.jpg
> >
> > >>
> > >> I experience the same: Everything alright. No error, no cry.
> > >> SSL handling is transparent to kronolith code.
> > >
> > > It may depend on the Horde_Http_Client backend that's being used.
> > > This could be curl, http extension, or fopen(). They may handle
> > > certs and self-signed failures differently.
> >
> > The error message when googled returns a LOT of curl links. The text
> > returned appears to be a Curl error.
> >
> > This article looks very interesting:
> >
> > http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
> >
> >  From what he is saying:
> >
> > "If $url points toward an HTTPS resource, you're likely to encounter
> > an error like the one below:
> >
> > Failed: Error Number: 60. Reason: SSL certificate problem, verify that
> > the CA cert is OK. Details: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
> >
> > That is EXACTLY the error message that I am getting.
> >
> > Back to the article:
> >
> > "The problem is that cURL has not been configured to trust the
> > server's HTTPS certificate. The concepts of certificates and PKI
> > revolves around the trust of Certificate Authorities (CAs), and by
> > default, cURL is setup to not trust any CAs, thus it won't trust any
> > web server's certificate."
> >
> > Note his comment that by default, Curl is not set to trust ANY CAs.
> 
> Ahh, OK, so you get this message when using Free/Busy URL inline in
> Kronolith. Kronolith uses Horde_Http_Client for this. And from what we see
> on your system the library uses curl.
> 
> According to http://www.php.net/manual/en/function.curl-setopt.php
> CURLOPT_SSL_VERIFYPEER is turned off by default since curl 7.10.

Sorry, I meant "turned on by default" here.
 
> You can try patching Horde/Http/Request/Curl.php for this. Or using HTTP
> PECL extension or fopen() instead and see if this fixes your problem.
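
Added example (not part of the original thread, and not Horde's own code): one way to get past the error 60 quoted above while leaving CURLOPT_SSL_VERIFYPEER on is to hand curl the private CA's certificate through CURLOPT_CAINFO. The URL and CA file path are placeholders, and fetch_with_private_ca is a hypothetical helper name.

```php
<?php
// Added example: fetch a Free/Busy URL over HTTPS with peer verification
// left on, trusting a private CA explicitly instead of the system bundle.

/**
 * Hypothetical helper. Returns [body, null] on success,
 * or [null, "reason"] on failure.
 */
function fetch_with_private_ca(string $url, string $caFile): array
{
    if (!is_readable($caFile)) {
        return [null, "CA file not readable: $caFile"];
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,    // the default: validate the chain
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate name must match the host
        CURLOPT_CAINFO         => $caFile, // PEM file holding the private CA certificate
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if ($body === false) {
        // errno 60 is the "SSL certificate problem" case quoted in the thread:
        // the chain did not validate against the CA(s) curl was given.
        $hint = ($errno === 60) ? " (chain not signed by a CA in $caFile)" : '';
        return [null, "curl error $errno: $error$hint"];
    }
    if ($status !== 200) {
        return [null, "unexpected HTTP status $status"];
    }
    return [$body, null];
}

// Placeholder values: substitute the real Free/Busy URL and CA certificate path.
[$body, $err] = fetch_with_private_ca(
    'https://horde.example.org/path/to/freebusy',
    '/etc/ssl/certs/my-private-ca.pem'
);
echo $err === null ? "fetched " . strlen($body) . " bytes\n" : "failed: $err\n";
```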




