[horde] After upgrading to PHP 5.6 RC 4 IMAP and SMTP with TLS breaks
Michael M Slusarz
slusarz at horde.org
Mon Aug 25 03:51:17 UTC 2014
Quoting Andy Dorman <adorman at ironicdesign.com>:
> On 08/24/2014 09:19 PM, Michael M Slusarz wrote:
>> Quoting Andy Dorman <adorman at ironicdesign.com>:
>>
>>> On 08/24/2014 02:39 PM, Henning wrote:
>>>> Hi all,
>>>>
>>>> after having upgraded to php 5.6 rc 4 I get weird errors trying to
>>>> connect
>>>> to imap with tls (worked before) and as well with smtp with tls.
>>>>
>>>> I get a
>>>> WARN: HORDE [imp] PHP ERROR: fgets(): SSL read operation timed out [pid
>>>> 19086 on line 153 of
>>>> "/usr/share/php/Horde/Imap/Client/Socket/Connection/Socket.php"]
>>>> 2014-08-24T21:36:21+02:00 WARN: HORDE [imp] [listMailboxes] Mail server
>>>> closed the connection unexpectedly. [pid 19086 on line 732 of
>>>> "/var/www/xxx/imp/lib/Imap.php"]
>>>>
>>>> Turning off TLS for IMAP fixes that.
>>>>
>>>> Regards
>>>>
>>>> Henning
>>>>
>>>
>>> I am seeing the similar behavior with Horde 5.2.1 & IMP 6.2.1 after
>>> updating from PHP 5.6 RC3 to PHP 5.6 RC4 (Debian) today. After the
>>> update I see these log entries for Horde and Cyrus IMAP and Imp
>>> reports a problem communicating with the server.
>>>
>>> 2014-08-24T15:00:54.802509-05:00 yorick HORDE: [imp] PHP ERROR:
>>> fgets(): SSL read operation timed out [pid 32642 on line 153 of
>>> "/usr/share/php/Horde/Imap/Client/Socket/Connection/Socket.php"]
>>>
>>> 2014-08-24T15:01:54.613974-05:00 yorick HORDE: [imp] PHP ERROR:
>>> fgets(): SSL read operation timed out [pid 14455 on line 153 of
>>> "/usr/share/php/Horde/Imap/Client/Socket/Connection/Socket.php"]
>>>
>>> 2014-08-24T15:01:54.615668-05:00 yorick HORDE: [imp] [listMailboxes]
>>> Mail server closed the connection unexpectedly. [pid 14455 on line 732
>>> of "/usr/share/horde/imp/lib/Imap.php"]
>>>
>>>
>>> 2014-08-24T15:02:00.272601-05:00 yorick cyrus/imap[14427]: accepted
>>> connection
>>> 2014-08-24T15:02:00.280259-05:00 yorick cyrus/imap[14427]:
>>> imapd:Loading hard-coded DH parameters
>>> 2014-08-24T15:02:00.282538-05:00 yorick cyrus/imap[14427]: TLS Server
>>> Name Indication (SNI) Extension: "yorick.ironicdesign.com"
>>> 2014-08-24T15:02:00.285695-05:00 yorick cyrus/imap[14427]:
>>> SSL_accept() incomplete -> wait
>>> 2014-08-24T15:02:00.324498-05:00 yorick cyrus/imap[14427]:
>>> SSL_accept() succeeded -> done
>>> 2014-08-24T15:02:00.324568-05:00 yorick cyrus/imap[14427]: starttls:
>>> TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no
>>> authentication
>>>
>>> 2014-08-24T15:02:30.396988-05:00 yorick HORDE: [imp] PHP ERROR:
>>> fgets(): SSL read operation timed out [pid 14453 on line 153 of
>>> "/usr/share/php/Horde/Imap/Client/Socket/Connection/Socket.php"]
>>>
>>> 2014-08-24T15:02:30.398703-05:00 yorick HORDE: [imp] [openMailbox]
>>> Mail server closed the connection unexpectedly. [pid 14453 on line 732
>>> of "/usr/share/horde/imp/lib/Imap.php"]
>>>
>>> If I turn TLS off with $servers ['advanced']['secure'] = false;
>>> everything works fine.
>>>
>>> I confirmed that the only changes to our php.ini was to reset the
>>> max_upload_filesze to 2MB and it set expose_php = off.
>>>
>>> I opened ticket # 1349 for this.
>>
>> It's actually Bug #13491. And as reported in that bug, this appears to
>> be a regression in PHP and unrelated to Horde code.
>>
>> michael
>>
>
> Right, did not think it was a Horde/imp issue as everything was
> working fine till we updated to PHP 5.6 RC4+dfsg-4. Then PHP client
> tls stopped working.
>
> I was hoping that again PHP had perhaps changed a default behavior
> like they did a month ago when you had to update
> Horde/Socket/Client.php to default to setting verify_peer and
> verify_peer_name false. Alas, not this time.
If you have time, you might want to try playing around with this code
in the Horde\Socket\Client object:
stream_set_timeout($this->_stream, $timeout);
if (function_exists('stream_set_read_buffer')) {
stream_set_read_buffer($this->_stream, 0);
}
stream_set_write_buffer($this->_stream, 0);
(This is right below the 'verify_peer' code that was changed for PHP
5.6 previously). Uncommenting various combos of these lines might be
a useful exercise - if it fixes the problem, it will be much easier to
produce a meaningful error report upstream.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list