Re: imap_open: Certificate Error, but only in PHP [message #179814 is a reply to message #179813]
Sat, 08 December 2012 15:54
J.O. Aho
Florian Zeisel wrote:
> Hi everyone,
>
> this week, one of my php scripts suddenly stopped working. I received the following errors:
> It started with: "unable to locate common name", then after a while it was "invalid remote specification".
>
> The code is:
> $srv = '{mail.twooit.com:993/imap/ssl/}';
> $conn = imap_open($srv, $mailuser, $mailpass) or die("can't connect: " . imap_last_error());
>
> It seems the provider installed a new certificate. Openssl on the terminal results in:
> depth=1 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
> verify error:num=20:unable to get local issuer certificate
> verify return:0
>
> After some research, I was able to make it work by adding the "novalidate-cert" option.
> However, this means that the script does not authenticate the server anymore, which
> cannot be the solution! At least: Is it correct to assume that passwords and mails are
> still transferred encrypted? It might not be that much of a problem, because the script
> is also executed at that provider (different IP address though), and man-in-the-middle
> risk is therefore low..
Yes, the data will still be transferred encrypted, but you could have a man in
the middle without knowing it.
You could try to verify that the certificate belongs to the "host" which you
connect to; this should at least remove the risk of a random certificate being
used in a man-in-the-middle attack.
> HOWEVER, my Thunderbird email client and also smartphone are still connecting
> without any certificate errors and ssl-check websites say, that the certificate is ok...
Have you checked that it's the same certificate used in Thunderbird as the
one you got when you checked with openssl from the machine where the PHP
script runs?
Also, the machine which runs the script may have limited access to the internet
and/or have a different trusted CA list than your phone/desktop has.
> Can anyone help me to fix this, please?
I doubt this has to do with your PHP code, and thus it's something off topic
on this newsgroup.
--
//Aho
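
The `verify error:num=20` at `depth=1` quoted in the question, and the reply's point about a different trusted CA list, can be reproduced offline. The script below is an added example and not part of either post: it builds a constructed root, intermediate and leaf (the names and `mail.example.test` are placeholders) and verifies the same chain against two trust stores.

```bash
#!/usr/bin/env bash
# Added example: all keys and certificates below are constructed throwaways.
set -eu
D=$(mktemp -d)   # scratch directory for the constructed PKI

req()  { openssl req -config "$D/x.cnf" -newkey rsa:2048 -nodes "$@" 2>/dev/null; }
sign() { openssl x509 -req -days 2 -extfile "$D/x.cnf" "$@" 2>/dev/null; }

make_chain() {
  cat > "$D/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF
  # Root that issued the chain, plus an unrelated root standing in for a
  # CA bundle that lacks the issuing root.
  req -x509 -extensions v3_ca -days 2 -subj "/CN=Constructed Root" \
      -keyout "$D/root.key" -out "$D/root.pem"
  req -x509 -extensions v3_ca -days 2 -subj "/CN=Unrelated Root" \
      -keyout "$D/other.key" -out "$D/other.pem"
  # Intermediate signed by the root, leaf signed by the intermediate.
  req -subj "/CN=Constructed Intermediate" -keyout "$D/int.key" -out "$D/int.csr"
  sign -in "$D/int.csr" -CA "$D/root.pem" -CAkey "$D/root.key" \
       -set_serial 2 -extensions v3_ca -out "$D/int.pem"
  req -subj "/CN=mail.example.test" -keyout "$D/leaf.key" -out "$D/leaf.csr"
  sign -in "$D/leaf.csr" -CA "$D/int.pem" -CAkey "$D/int.key" \
       -set_serial 3 -extensions v3_leaf -out "$D/leaf.pem"
}

# Verify the leaf as a client would: the server supplies the intermediate
# (-untrusted), the client supplies its own trust store ($1).
verify_with() {
  openssl verify -CAfile "$1" -untrusted "$D/int.pem" "$D/leaf.pem" 2>&1 || true
}

make_chain
echo "--- trust store without the issuing root:"
verify_with "$D/other.pem"
echo "--- trust store with the issuing root:"
verify_with "$D/root.pem"
```

The first verification stops at the intermediate with error 20; the second succeeds with no change to the server's certificates, only to the client's trust store.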