Summary | Subscribing to remote calendars returns SSL error |
Queue | Kronolith |
Queue Version | 4.0.2 |
Type | Bug |
State | Not A Bug |
Priority | 2. Medium |
Owners | |
Requester | waste (at) lugh (dot) ch |
Created | 12/06/2012 (4593 days ago) |
Due | |
Updated | 12/06/2012 (4593 days ago) |
Assigned | |
Resolved | 12/06/2012 (4593 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
http://www.horde.org/mail/ contains a list of all available mailing lists.
properly verify SSL certificates.
the command-line curl which means self-signed certs cannot be
verified, is this correct?
So to solve this the correct way, I'd need to download the SSL
certificate of the calendar webserver, and put the cert to eg.
/etc/ssl/certs, correct?
I'm just trying to understand. But maybe this changed behaviour should
be documented somewhere.
properly verify SSL certificates.
4, now they are. And your server cannot verify them, which has
nothing to do with Kronolith.
changed verifyPeer to "false" in
/usr/share/php/Horde/Http/Request/Base.php, then ran
"horde-clear-cache", restarted Apache (just to be sure) and now the
remote calendars show up.
State ⇒ Not A Bug
now they are. And your server cannot verify them, which has nothing to
do with Kronolith.
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Subscribing to remote calendars returns SSL error
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
is returned when you activate the checkbox to display that remote
calendar:
Zimbra error:
Problem with
https://mail.example.org/service/user/username@example.org/Calendar:
fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed. fopen(): Failed to enable crypto.
fopen(https://...@example.org/Calendar): failed to open stream:
operation failed
Google Calendar error:
Problem with
https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics): failed to open stream: operation
failed
This has been tested with:
- Google unauthenticated ICal, valid certificate (I suppose)
- Zimbra authenticated ICal, self-signed certificate
- Both with HTTPS URLs
Server OS: Debian stable (squeeze) 64bit
This worked in Horde 4, so I suspect the error could even be in a PEAR
package.