Bug 65190 - imap_open fails at php 4.1.2-7
Summary: imap_open fails at php 4.1.2-7
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: php
Version: 7.3
Hardware: athlon
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Phil Copeland
QA Contact: David Lawrence
URL:
Whiteboard:
: 65201 65403 72941 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-05-19 19:22 UTC by Jari Nopanen
Modified: 2007-04-18 16:42 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-05-23 20:11:51 UTC
Embargoed:


Attachments (Terms of Use)

Description Jari Nopanen 2002-05-19 19:22:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
When trying to open mailbox at php 7.1.2 with imap_open
Couldn't open stream error message appears.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
#!/usr/bin/php
<?php
  printf("%s\n", imap_open ("{server.fi:143}", "username", "password"));
?>


Actual Results:  X-Powered-By: PHP/4.1.2
Content-type: text/html

<br>
<b>Warning</b>:  Couldn't open stream {server.fi:143}
 in <b>php.php</b> on line <b>2</b><br>


Expected Results:  it should print the imap stream number (and do at red hat 7.2)

Additional info:

It is impossible to use imp(horde) mail program because of this problem.

Comment 1 Phil Copeland 2002-05-20 21:01:57 UTC
This is caused by a change of behaviour.

Even if you don't ASK for ssl negotiation, the connection will always try and
negotiate ssl and when the client tries to validate the server's certificate, it
fails.

The script is *almost* correct.
The problem is that the imap/ssl interaction uses a self signed certificate that
we supply that instead of being signed by a cert authority,  ergo the ssl
connection will fail because it's not signed by a trusted authority.

You need to change the mailserver
      from "hostname.com:143"
        to "hostname.com:143/novalidate-cert"; 

and suddenly everything will be fine again.. or you could go pay lots of money
to a key certificate authority (CA) and get yourself a certificate that will
pass the validation checks.

Phil
=--=

Comment 2 Phil Copeland 2002-05-20 21:02:50 UTC
*** Bug 65201 has been marked as a duplicate of this bug. ***

Comment 3 Phil Copeland 2002-05-23 14:11:05 UTC
*** Bug 65403 has been marked as a duplicate of this bug. ***

Comment 4 Pekka Savola 2002-05-23 20:11:29 UTC
This is *definitely* a bug.

At least 99% of Red Hat Linux users install imapd with a default, self-signed certificate.

PHP's IMAP-SSL module should either be:
 1) disabled by default, so that SSL is not used unless requested, or
 2) if a self-signed certificate is encountered, by default fall back to non-secured operation

or:

 3) imapd does not generate a (self-signed) certificate by default, so there should be no problems(?)

Ie. you break all the PHP-IMAP codes by enabling this broken SSL-IMAP.  Not a good thing.  
I wonder what the authors were thinking: changing all the previously-working codes is not an option IMO.


Comment 5 Phil Copeland 2002-06-04 19:56:57 UTC
*shrugg*
Upstream change, not much I can do about it

Phil
=--=

Comment 6 Phil Copeland 2002-08-29 16:30:30 UTC
*** Bug 72941 has been marked as a duplicate of this bug. ***

Comment 7 Need Real Name 2002-08-29 18:52:13 UTC
I am not really sure that Bug 72941 is the same like this. The tips above do not
help. However, I tried to reproduce on RH73 and here I get the following error
message upon imap_open( "{server:110/pop3}INBOX", "user", "pw" ).

> Retrying CRAM-MD5 authentication after Bad user name or password

Comment 8 Phil Copeland 2002-08-29 19:27:30 UTC
$mbox = imap_open ("{localhost:110/pop3/notls}", "user_id", "password");

Worked fine here.

Phil
=--=

Comment 9 Phil Copeland 2002-08-29 19:29:25 UTC
erm sorry that should have been 
imap_open ("{localhost:110/pop3/notls}INBOX", "user_id", "password");


Note You need to log in before you can comment on or make changes to this bug.