6.0.0-beta1
7/4/25

[#11822] Subscribing to remote calendars returns SSL error
Summary Subscribing to remote calendars returns SSL error
Queue Kronolith
Queue Version 4.0.2
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester waste (at) lugh (dot) ch
Created 12/06/2012 (4593 days ago)
Due
Updated 12/06/2012 (4593 days ago)
Assigned
Resolved 12/06/2012 (4593 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/06/2012 04:23:29 PM Jan Schneider Comment #6 Reply to this comment
Please use the mailing list to ask for support.

http://www.horde.org/mail/ contains a list of all available mailing lists.
12/06/2012 03:17:12 PM waste (at) lugh (dot) ch Comment #5 Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to 
properly verify SSL certificates.
You're right again. Horde 5 passes the default options to libcurl as 
the command-line curl which means self-signed certs cannot be 
verified, is this correct?

So to solve this the correct way, I'd need to download the SSL 
certificate of the calendar webserver, and put the cert to eg. 
/etc/ssl/certs, correct?

I'm just trying to understand. But maybe this changed behaviour should 
be documented somewhere.
12/06/2012 02:37:52 PM Jan Schneider Comment #4 Reply to this comment
It doesn't have anything to do with Horde either. Fix you server to 
properly verify SSL certificates.
12/06/2012 02:11:43 PM waste (at) lugh (dot) ch Comment #3 Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 
4, now they are. And your server cannot verify them, which has 
nothing to do with Kronolith.
You're right, it has nothing to do with Kronolith, but with Horde. I 
changed verifyPeer to "false" in 
/usr/share/php/Horde/Http/Request/Base.php, then ran 
"horde-clear-cache", restarted Apache (just to be sure) and now the 
remote calendars show up.
12/06/2012 11:10:49 AM Jan Schneider Comment #2
State ⇒ Not A Bug
Reply to this comment
SSL certificates or remote calendars haven't been verified in Horde 4, 
now they are. And your server cannot verify them, which has nothing to 
do with Kronolith.
12/06/2012 10:43:10 AM waste (at) lugh (dot) ch Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Subscribing to remote calendars returns SSL error
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Reply to this comment
When subscribing to remote ICal calendars, the following error popup 
is returned when you activate the checkbox to display that remote 
calendar:

Zimbra error:
Problem with 
https://mail.example.org/service/user/username@example.org/Calendar
fopen(): SSL operation failed with code 1. OpenSSL Error messages: 
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed. fopen(): Failed to enable crypto. 
fopen(https://...@example.org/Calendar): failed to open stream: 
operation failed

Google Calendar error:
Problem with 
https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. fopen(): Failed to enable crypto. fopen(https://www.google.com/calendar/ical/user%40gmail.com/private-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/basic.ics): failed to open stream: operation 
failed

This has been tested with:
- Google unauthenticated ICal, valid certificate (I suppose)
- Zimbra authenticated ICal, self-signed certificate
- Both with HTTPS URLs

Server OS: Debian stable (squeeze) 64bit

This worked in Horde 4, so I suspect the error could even be in a PEAR 
package.

Saved Queries