Tickets :: [#11822] Subscribing to remote calendars returns SSL error

6.0.0-beta1

7/4/25

Summary	Subscribing to remote calendars returns SSL error
Queue	Kronolith
Queue Version	4.0.2
Type	Bug
State	Not A Bug
Priority	2. Medium
Owners
Requester	waste (at) lugh (dot) ch
Created	12/06/2012 (4593 days ago)
Due
Updated	12/06/2012 (4593 days ago)
Assigned
Resolved	12/06/2012 (4593 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

12/06/2012 04:23:29 PM	Jan Schneider	Comment #6	Reply to this comment
Please use the mailing list to ask for support. http://www.horde.org/mail/ contains a list of all available mailing lists.

12/06/2012 03:17:12 PM	waste (at) lugh (dot) ch	Comment #5	Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to properly verify SSL certificates. You're right again. Horde 5 passes the default options to libcurl as the command-line curl which means self-signed certs cannot be verified, is this correct? So to solve this the correct way, I'd need to download the SSL certificate of the calendar webserver, and put the cert to eg. /etc/ssl/certs, correct? I'm just trying to understand. But maybe this changed behaviour should be documented somewhere.

12/06/2012 02:37:52 PM	Jan Schneider	Comment #4	Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to properly verify SSL certificates.

12/06/2012 02:11:43 PM	waste (at) lugh (dot) ch	Comment #3	Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, now they are. And your server cannot verify them, which has nothing to do with Kronolith. You're right, it has nothing to do with Kronolith, but with Horde. I changed verifyPeer to "false" in /usr/share/php/Horde/Http/Request/Base.php, then ran "horde-clear-cache", restarted Apache (just to be sure) and now the remote calendars show up.

12/06/2012 11:10:49 AM	Jan Schneider	Comment #2 State ⇒ Not A Bug	Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, now they are. And your server cannot verify them, which has nothing to do with Kronolith.

12/06/2012 10:43:10 AM	waste (at) lugh (dot) ch	Comment #1 Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ Subscribing to remote calendars returns SSL error Queue ⇒ Kronolith Milestone ⇒ Patch ⇒ No State ⇒ Unconfirmed	Reply to this comment
When subscribing to remote ICal calendars, the following error popup is returned when you activate the checkbox to display that remote calendar: Zimbra error: Problem with https://mail.example.org/service/user/username@example.org/Calendar: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://...@example.org/Calendar): failed to open stream: operation failed Google Calendar error: Problem with https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics): failed to open stream: operation failed This has been tested with: - Google unauthenticated ICal, valid certificate (I suppose) - Zimbra authenticated ICal, self-signed certificate - Both with HTTPS URLs Server OS: Debian stable (squeeze) 64bit This worked in Horde 4, so I suspect the error could even be in a PEAR package.