Tickets :: [#11822] Subscribing to remote calendars returns SSL error

6.0.0-git

2020-02-25

Summary	Subscribing to remote calendars returns SSL error
Queue	Kronolith
Queue Version	4.0.2
Type	Bug
State	Not A Bug
Priority	2. Medium
Owners
Requester	waste (at) lugh (dot) ch
Created	2012-12-06 (2637 days ago)
Due
Updated	2012-12-06 (2637 days ago)
Assigned
Resolved	2012-12-06 (2637 days ago)
Milestone
Patch	No

2012-12-06 16:23:29	Jan Schneider	Comment #6	Reply to this comment
Please use the mailing list to ask for support. http://www.horde.org/mail/ contains a list of all available mailing lists.

2012-12-06 15:17:12	waste (at) lugh (dot) ch	Comment #5	Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to properly verify SSL certificates. You're right again. Horde 5 passes the default options to libcurl as the command-line curl which means self-signed certs cannot be verified, is this correct? So to solve this the correct way, I'd need to download the SSL certificate of the calendar webserver, and put the cert to eg. /etc/ssl/certs, correct? I'm just trying to understand. But maybe this changed behaviour should be documented somewhere.

2012-12-06 14:37:52	Jan Schneider	Comment #4	Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to properly verify SSL certificates.

2012-12-06 14:11:43	waste (at) lugh (dot) ch	Comment #3	Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, now they are. And your server cannot verify them, which has nothing to do with Kronolith. You're right, it has nothing to do with Kronolith, but with Horde. I changed verifyPeer to "false" in /usr/share/php/Horde/Http/Request/Base.php, then ran "horde-clear-cache", restarted Apache (just to be sure) and now the remote calendars show up.

2012-12-06 11:10:49	Jan Schneider	Comment #2 State ⇒ Not A Bug	Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, now they are. And your server cannot verify them, which has nothing to do with Kronolith.

2012-12-06 10:43:10	waste (at) lugh (dot) ch	Comment #1 Type ⇒ Bug State ⇒ Unconfirmed Priority ⇒ 2. Medium Summary ⇒ Subscribing to remote calendars returns SSL error Queue ⇒ Kronolith Milestone ⇒ Patch ⇒ No	Reply to this comment
When subscribing to remote ICal calendars, the following error popup is returned when you activate the checkbox to display that remote calendar: Zimbra error: Problem with https://mail.example.org/service/user/username@example.org/Calendar: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://...@example.org/Calendar): failed to open stream: operation failed Google Calendar error: Problem with https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics): failed to open stream: operation failed This has been tested with: - Google unauthenticated ICal, valid certificate (I suppose) - Zimbra authenticated ICal, self-signed certificate - Both with HTTPS URLs Server OS: Debian stable (squeeze) 64bit This worked in Horde 4, so I suspect the error could even be in a PEAR package.