Ubuntu
squirrelmail package

2012 squirrelmail release incompatible with php 5.6.

Bug #1461340 reported by Robert Hardy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
squirrelmail (Ubuntu)
New
Undecided
Unassigned

Bug Description

The version of squirrelmail in universe is ancient i.e. from 2012.

Ubuntu 15.04 now ships with php 5.6 which has verify_peer on my default. That is a good idea if you can actually configure it.

This version of squirrelmail does not support configuring your TLS connections and expects verify_peer to be off. This means no matter what you do all your SMTPS and IMAPS connections will always fail because the certificate verification will always fail. Most likely due to not having CA certificate(s) configured for the verification. To be clear this version of squirrelmail does not support CA certificate configuration. Upstream this is fixed in the Stable version snapshots. Please upgrade this package to the latest Stable version snapshot.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: squirrelmail 2:1.4.23~svn20120406-2
ProcVersionSignature: Ubuntu 3.19.0-18.18-generic 3.19.6
Uname: Linux 3.19.0-18-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Tue Jun 2 20:51:09 2015
InstallationDate: Installed on 2010-05-23 (1836 days ago)
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_CA.UTF-8
 SHELL=/bin/tcsh
SourcePackage: squirrelmail
UpgradeStatus: Upgraded to vivid on 2015-06-01 (1 days ago)

Revision history for this message
Robert Hardy (rhardy) wrote :
Revision history for this message
Robert Hardy (rhardy) wrote :

Please note I had to upgrade to the 1.5.2 series in order to get a working system on Ubuntu 15.04.
I have packaged this and put an upgraded package in my PPA: ppa:rhardy/webconsrp
The new package works for me. I went for a fresh config file on the new version but that is optional.
The package is based on the original package for vivid but was upgraded to handle the new release.

I have never figured out how to actually get that "published" so it shows in Universe. If the original maintainer knows how feel free to either take the packages or the patches there in which I had to port so they applied to the 1.5.2 series. There were also packaging changes to handle the new css and templates directories which are new in 1.5.2. The package still recommends squirrelmail-viewashtml but will actually remove that when it is installed. The squirrelmail 1.5.2 seems to have that built in now. I'll find where that recommend is coming from at some later point...

Please note you must have a working certificate verification chain for the package to work. To get this I had to ensure /etc/ssl/certs had the full certificate chain and then ran a c_rehash in that directory.

Ultimately openssl must be able to cleanly connect for the rest to work. I found this helpful for debugging:
openssl s_client -CApath /etc/ssl/certs -connect <FQDN>:<PORT>

If you have it configured properly you should see "Verify return code: 0 (ok)" near the end of the output, if not add certificates and c_rehash until you do.

To make the php and squirrelmail use that working certificate validation chain I did two things:
 1. I configured openssl.capath in /etc/php5/apache2/php.ini
 2. I created a /etc/squirrelmail/config_local.php. See config_local.example.php for hints. I used capath instead of cafile.

You may be able to get away with only one of those but I did both and it works for me.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.