Date:      Mon, 30 Apr 2018 16:25:57 -0400
From:      "Derek (freebsd lists)" <482254ac@razorfever.net>
To:        byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
Subject:   Re: PHP and openssl
Message-ID:  <d71e86be-718f-b6fb-0146-e0073459ce7b@razorfever.net>
In-Reply-To: <71b67f79d405215f875f7fcd61913959.squirrel@webmail.harte-lyne.ca>
References:  <71b67f79d405215f875f7fcd61913959.squirrel@webmail.harte-lyne.ca>

On 18-04-30 10:29 AM, James B. Byrne via freebsd-questions wrote:
> I am trying to get a Squirrelmail-1.4.23, running on FreeBSD-11.1
> under Apache-2.4.33, to connect to our existing Cyrus-IMAP and SMTP
> services using TLS.  Examination of the web service log files for ssh
> reveals these messages:
> 
> [Mon Apr 30 09:10:22.510233 2018] [:error] [pid 75098] [client
> 192.168.209.44:36022] PHP Warning:  fsockopen(): SSL operation failed
> with code 1. OpenSSL Error messages:\nerror:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed in
> /usr/local/www/squirrelmail/src/configtest.php on line 406
> ...
> 
> Now, if I connect to inet08.hamilton.harte-lyne.ca:465 using openssl
> s_client I see this:
> 
>   openssl s_client -connect inet08.hamilton.harte-lyne.ca:465
> CONNECTED(00000003)
> depth=2 CN = CA_HLL_ROOT_2016, ST = Ontario, O = Harte & Lyne Limited,
> OU = Networked Data Services, C = CA, DC = harte-lyne, DC = ca, L =
> Hamilton
> verify error:num=19:self signed certificate in certificate chain
> ---

This looks to me like you don't have your custom CA (or cert) in 
your certificate chain.

You might have the option to disable strict checking, but it would 
be better to install the custom certificate on the machine.  This 
thread seems relevant:

https://lists.freebsd.org/pipermail/freebsd-questions/2015-March/264652.html

or this:

https://stackoverflow.com/questions/41772340/how-do-i-add-a-certificate-authority-to-php-so-the-file-function-trusts-certif?rq=1

Hope that helps!
Derek
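
The trust failure discussed above, reproduced offline as an added example that is not part of the original message: it builds a constructed throwaway root CA and server certificate (all names and paths are made up), then runs `openssl verify` with and without that root as a trust anchor, so error 19 clears while verification stays enabled.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway private root CA
# and a server certificate it signs, created in a temporary directory.

# Create root.pem (self-signed CA) and leaf.pem (signed by it) in directory $1.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Private Root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 2 \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# Print the OpenSSL verify error number for a chain (0 means it verified).
#   $1 = server certificate
#   $2 = certificates the server sends along with it (untrusted input)
#   $3 = optional CA file the client has chosen to trust
verify_code() {
    leaf=$1
    sent=$2
    if [ -n "${3:-}" ]; then set -- -CAfile "$3"; else set --; fi
    out=$(openssl verify "$@" -untrusted "$sent" "$leaf" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then
        echo 0
    else
        echo unknown
    fi
}

demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir" || { echo "openssl failed to build the demo PKI" >&2; exit 1; }

# The server presents its root, but the client has no reason to trust it.
echo "root not installed: verify error $(verify_code "$demo_dir/leaf.pem" "$demo_dir/root.pem")"
# Same chain, checking still enabled, root now supplied as a trust anchor.
echo "root installed:     verify error $(verify_code "$demo_dir/leaf.pem" "$demo_dir/root.pem" "$demo_dir/root.pem")"
```

Against the real server, the equivalent check is `openssl s_client -connect inet08.hamilton.harte-lyne.ca:465 -CAfile <path-to-root-CA.pem>`, where the path is a placeholder for wherever the site's root certificate is stored.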





