$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => true,
        'verify_peer_name' => false,
    ),
);
Sorry for the necrobump, but the above is what worked for me after hours of searching - this configuration ensures the certificate is valid, but it does not require that the common name matches (I think).

I recreated the key and the cert by specifying localhost as the Common Name in the cert request process. It works only for option 1 ('verify_peer' => false, 'verify_peer_name' => false) though. Anyway, many thanks.

Self-signed certificate related:

# cd /etc/ssl/private/
# openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

/etc/postfix/main.cf
...
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
...

/etc/dovecot/dovecot.conf
...
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key

/etc/webapps/roundcubemail/config/config.inc.php

Option 1:
...
$config['default_host'] = 'ssl://localhost/';
$config['default_port'] = 993;
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

Option 2:
...
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => true,
        'verify_depth' => 3,
        'cafile' => '/etc/ssl/private/server.crt',
    ),
);

Anything still missing?
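The steps above generate a self-signed certificate and then either switch verification off (Option 1) or point 'cafile' at the server's own certificate (Option 2). The script below is an added example, not code from the thread or from Roundcube. It reproduces the key and certificate generation non-interactively and then runs the two checks PHP performs on an ssl:// IMAP stream before the login ever happens: chain verification against 'cafile' (what 'verify_peer' => true does) and host-name matching against the host part of default_host (what 'verify_peer_name' does; PHP 5.6 and later enable both by default). It assumes the openssl command-line tool is installed; the temporary directories, the hostnames localhost and mail.example.com, and the function names are constructed for the demonstration. It goes one step beyond the thread's commands by also putting the name into a subjectAltName, which modern verifiers consult before (and some instead of) the CN.

```shell
#!/bin/sh
# Added example, not code from the thread or from Roundcube: generate a
# self-signed IMAP server certificate and run the two checks PHP performs on
# an ssl:// stream, chain verification against 'cafile' ('verify_peer') and
# host-name matching ('verify_peer_name'), before handing it to Roundcube.
# Assumes the openssl command-line tool is on PATH. The directories and the
# hostnames localhost / mail.example.com are constructed for the demonstration.
set -eu

# make_selfsigned DIR HOST: writes DIR/server.key and DIR/server.crt with
# CN=HOST and a matching DNS subjectAltName. The thread puts the name only
# in the CN; modern verifiers look at the SAN first, so both are set here.
make_selfsigned() {
    dir=$1; host=$2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null
    # Non-interactive subject and extensions; replaces the 'req' prompts.
    cat > "$dir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_req
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host
EOF
    # -x509 emits a self-signed certificate directly (one step instead of
    # 'req -new' followed by 'x509 -req -signkey').
    openssl req -new -x509 -key "$dir/server.key" -config "$dir/san.cnf" \
        -days 365 -out "$dir/server.crt" 2>/dev/null
}

# verify_chain CAFILE CERT: what 'verify_peer' => true with 'cafile' does.
# A self-signed server certificate only passes when CAFILE is that same
# certificate (or a CA that actually issued it).
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_hostname CERT HOST: what 'verify_peer_name' does with the host part
# of default_host (ssl://localhost/ -> localhost).
verify_hostname() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Stand-alone demonstration: one certificate for localhost, a second unrelated
# one, then the checks that should pass and the ones that should be rejected.
if [ "${1:-}" = "run" ]; then
    good=$(mktemp -d); other=$(mktemp -d)
    make_selfsigned "$good" localhost
    make_selfsigned "$other" mail.example.com
    verify_chain "$good/server.crt" "$good/server.crt" && echo "cafile = own cert: OK"
    verify_chain "$other/server.crt" "$good/server.crt" || echo "cafile = unrelated cert: rejected (expected)"
    verify_hostname "$good/server.crt" localhost && echo "default_host localhost: OK"
    verify_hostname "$good/server.crt" mail.example.com || echo "default_host mail.example.com: rejected (expected)"
    rm -rf "$good" "$other"
fi
```

Invoke the script with the single argument run to see both the passing and the rejected cases. The two rejected cases are the ones the thread keeps running into: 'cafile' naming a file other than the certificate Dovecot actually presents fails the chain check, and a default_host that does not match the name in the certificate fails the name check; on the PHP side both surface as the "Failed to enable crypto" warning rather than as a readable reason.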

cat cert.crt cert.key > myca.pem
cat myca.pem intermediateca.pem > final.pem

I also got it to work on my self-signed one as well, but it had to be the same .pem file that postfix and dovecot were using. They all have to match, as well as your domain name for each.

Ok, problem solved.
1) manually updated roundcube PHP files from upstream git changes
2) added the imap_conn_options array with verify_peer true, verify_depth 3, and specified the same cafile .pem as dovecot/postfix (self-signed)
Can you specify which PHP files, and the git URL to get the files from?

1) manually updated roundcube PHP files from upstream git changes
2) added the imap_conn_options array with verify_peer true, verify_depth 3, and specified the same cafile .pem as dovecot/postfix (self-signed)
Warning: stream_socket_client(): SSL: Connection reset by peer in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php on line 860
Warning: stream_socket_client(): Failed to enable crypto in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php on line 860
Warning: stream_socket_client(): unable to connect to ssl://localhost:993 (Unknown error) in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php on line 860
IMAP Error in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap.php (184): Login failed for mail@example.com from x.x.x.x(X-Forwarded-For: x.x.x.x). Could not connect to ssl://localhost:993: Unknown reason

# $Id$
# Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com>

pkgname=roundcubemail
pkgver=1.0.2.3b55da
pkgrel=1
pkgdesc="A PHP web-based mail client"
arch=('any')
url="http://www.roundcube.net"
license=('GPL')
depends=('php')
optdepends=('python2')
backup=('etc/webapps/roundcubemail/.htaccess'
        'etc/webapps/roundcubemail/apache.conf')
install=roundcubemail.install
options=('!strip' 'emptydirs')
source=("${pkgname}::git+https://github.com/roundcube/roundcubemail.git#commit=9a498212446f6c9a186df5652a7625526b590b78"
        apache.conf)
md5sums=('SKIP'
         'f11b17e2a80b383cde4af963fb307541')

prepare() {
  cd ${srcdir}/${pkgname}
  sed -i \
    -e "s|RCUBE_INSTALL_PATH . 'temp.*|'/var/cache/roundcubemail';|" \
    -e "s|RCUBE_INSTALL_PATH . 'logs.*|'/var/log/roundcubemail';|" \
    config/defaults.inc.php \
    program/lib/Roundcube/rcube_config.php
}

package() {
  mkdir -p ${pkgdir}/etc/webapps/roundcubemail
  mkdir -p ${pkgdir}/usr/share/webapps
  mkdir -p ${pkgdir}/var/log
  cd ${pkgdir}/usr/share/webapps
  cp -ra ${srcdir}/${pkgname} roundcubemail
  cd roundcubemail
  mv .htaccess $pkgdir/etc/webapps/roundcubemail/
  ln -s /etc/webapps/roundcubemail/.htaccess .htaccess
  mv config $pkgdir/etc/webapps/roundcubemail/
  ln -s /etc/webapps/roundcubemail/config config
  install -dm0750 $pkgdir/var/{log,cache}/roundcubemail
  install -Dm0644 $srcdir/apache.conf $pkgdir/etc/webapps/roundcubemail/apache.conf
  # install -dm0755 $pkgdir/etc/php/conf.d/
  # cat <<EOF >$pkgdir/etc/php/conf.d/$pkgname.ini
  #open_basedir = ${open_basedir}:/etc/webapps/roundcubemail:/usr/share/webapps/roundcubemail:/var/log/roundcubemail:/var/cache/roundcubemail
  #EOF
  rm -rf temp logs
}
Then I added these values to my roundcube config:

// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = array(
//  'ssl' => array(
//    'verify_peer' => true,
//    'verify_depth' => 3,
//    'cafile' => '/etc/openssl/certs/ca.crt',
//  ),
// );
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

// SMTP connection timeout, in seconds. Default: 0 (use default_socket_timeout)
// Note: There's a known issue where using ssl connection with
// timeout > 0 causes connection errors (https://bugs.php.net/bug.php?id=54511)
$config['smtp_timeout'] = 5;

// SMTP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation, and
// requires 'smtp_timeout' to be non zero.
// $config['smtp_conn_options'] = array(
//  'ssl' => array(
//    'verify_peer' => true,
//    'verify_depth' => 3,
//    'cafile' => '/etc/openssl/certs/ca.crt',
//  ),
// );
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);
It works like a charm.

Fail. But I need to have access to my Roundcube.