6.0.0-git
2019-05-19

[#11822] Subscribing to remote calendars returns SSL error
Summary Subscribing to remote calendars returns SSL error
Queue Kronolith
Queue Version 4.0.2
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester waste (at) lugh (dot) ch
Created 2012-12-06 (2355 days ago)
Due
Updated 2012-12-06 (2355 days ago)
Assigned
Resolved 2012-12-06 (2355 days ago)
Milestone
Patch No

History
2012-12-06 16:23:29 Jan Schneider Comment #6 Reply to this comment
Please use the mailing list to ask for support.

http://www.horde.org/mail/ contains a list of all available mailing lists.
2012-12-06 15:17:12 waste (at) lugh (dot) ch Comment #5 Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to 
properly verify SSL certificates.
You're right again. Horde 5 passes the default options to libcurl as 
the command-line curl which means self-signed certs cannot be 
verified, is this correct?

So to solve this the correct way, I'd need to download the SSL 
certificate of the calendar webserver, and put the cert to eg. 
/etc/ssl/certs, correct?

I'm just trying to understand. But maybe this changed behaviour should 
be documented somewhere.
2012-12-06 14:37:52 Jan Schneider Comment #4 Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to 
properly verify SSL certificates.
2012-12-06 14:11:43 waste (at) lugh (dot) ch Comment #3 Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 
4, now they are. And your server cannot verify them, which has 
nothing to do with Kronolith.
You're right, it has nothing to do with Kronolith, but with Horde. I 
changed verifyPeer to "false" in 
/usr/share/php/Horde/Http/Request/Base.php, then ran 
"horde-clear-cache", restarted Apache (just to be sure) and now the 
remote calendars show up.
2012-12-06 11:10:49 Jan Schneider Comment #2
State ⇒ Not A Bug
Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, 
now they are. And your server cannot verify them, which has nothing to 
do with Kronolith.
2012-12-06 10:43:10 waste (at) lugh (dot) ch Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Subscribing to remote calendars returns SSL error
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
Reply to this comment
When subscribing to remote ICal calendars, the following error popup 
is returned when you activate the checkbox to display that remote 
calendar:

Zimbra error:
Problem with 
https://mail.example.org/service/user/username@example.org/Calendar
fopen(): SSL operation failed with code 1. OpenSSL Error messages: 
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed. fopen(): Failed to enable crypto. 
fopen(https://...@example.org/Calendar): failed to open stream: 
operation failed

Google Calendar error:
Problem with 
https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics): failed to open stream: operation 
failed

This has been tested with:
- Google unauthenticated ICal, valid certificate (I suppose)
- Zimbra authenticated ICal, self-signed certificate
- Both with HTTPS URLs

Server OS: Debian stable (squeeze) 64bit

This worked in Horde 4, so I suspect the error could even be in a PEAR 
package.

Saved Queries