Control: reassing -1 src:php5 Control: severity -1 normal Control: retitle -1 UPGRADING document missing in php5-common
Hi, if you uncomment the @fsockopen in the affected code you would see: [10-Jun-2014 11:58:55 UTC] PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 746 [10-Jun-2014 11:58:55 UTC] PHP Warning: fsockopen(): Failed to enable crypto in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 746 [10-Jun-2014 11:58:55 UTC] PHP Warning: fsockopen(): unable to connect to ssl://localhost:993 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 746 [10-Jun-2014 11:58:55 +0000]: IMAP Error: Login failed for user@localhost from 2001:1488:fffe:6:11a6:2588:8dda:226c. Could not connect to ssl://localhost:993: Unknown reason (fsockopen() function disabled?) in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcube/?_task=login&_action=login) Either install ca-certificates or properly install your server certificate (or used CA) into /etc/ssl/certs/ More information can be found in UPGRADING document in the sources: > - OpenSSL: > To prevent man-in-the-middle attacks against encrypted transfers client > streams now verify peer certificates by default. Previous versions > required users to manually enable peer verification. As a result of this > change, existing code using ssl:// or tls:// stream wrappers (e.g. > file_get_contents(), fsockopen(), stream_socket_client()) may no longer > connect successfully without manually disabling peer verification via the > stream context's "verify_peer" setting. Encrypted transfers delegate to > operating system certificate stores by default if not overridden via the > new openssl.cafile and openssl.cafile ini directives or via call-time SSL > context options, so most users should be unaffected by this transparent > security enhancement. (https://wiki.php.net/rfc/tls-peer-verification) O. On Mon, Jun 9, 2014, at 15:21, Bart Champagne wrote: > My reason for suspecting a PHP bug : > Horde is also affected by the latest PHP packages upgrade, so I'm > calling this a bug in PHP5.6 and not in Roundcube or Horde. > > SSL/TLS auth turned sour after the following apt-get upgrade : > > Start-Date: 2014-06-05 10:00:36 > Commandline: apt-get upgrade > Upgrade: > php5-xmlrpc:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-sqlite:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-mongo:amd64 (1.4.5-2, 1.4.5-2+b1) > php5-geoip:amd64 (1.1.0-1, 1.1.0-1+b1) > libapache2-mod-php5:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-mysql:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-apcu:amd64 (4.0.4-1, 4.0.4-2) > php5-ldap:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php-horde-lz4:amd64 (1.0.3-1, 1.0.3-1+b1) > php5-common:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-curl:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-raphf:amd64 (1.0.4-1, 1.0.4-1+b1) > php5-mcrypt:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-sasl:amd64 (0.1.0-3, 0.1.0-3+b1) > php5-tidy:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-readline:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-memcache:amd64 (3.0.8-4, 3.0.8-4+b1) > libmagickwand5:amd64 (6.7.7.10+dfsg-1, 6.7.7.10+dfsg-3) > php5-xdebug:amd64 (2.2.4-1, 2.2.4-1+b1) > php5-cli:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-propro:amd64 (1.0.0-1, 1.0.0-1+b1) > php5-pecl-http:amd64 (2.0.4-1, 2.0.4-1+b1) > php5-json:amd64 (1.3.5-1, 1.3.5-2) > php5-imap:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php-pear:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > libmagickcore5:amd64 (6.7.7.10+dfsg-1, 6.7.7.10+dfsg-3) > php5-pspell:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > imagemagick-common:amd64 (6.7.7.10+dfsg-1, 6.7.7.10+dfsg-3) > php5-gd:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > php5-imagick:amd64 (3.1.2-1, 3.1.2-1+b1) > php5-intl:amd64 (5.5.12+dfsg-2, 5.6.0~beta3+dfsg-2) > End-Date: 2014-06-05 10:00:58 > > (I'm on Debian Jessie btw) > > Kind regards, > > Bart > > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
