[Kolab-devel] SSL configuration chaos for the HTTP_Request2 object

Daniel Hoffend dh at dotlan.net
Sun Aug 25 11:22:52 CEST 2013 

I see one issue here. kolab_files as for now doesn't require libkolab
>plugin. Because it's possible (in the future) to use this plugin and
>Chwala out of kolab, maybe it would be reasonable to keep separation of
>this plugin and use separate code and configuration of HTTP_Request2 
>object.
Well as long as chwala is based on the roundcube framework (bootstrap)
and libkolab is listed in the /usr/share/chwala/lib/kolab/plugins folder
i wouldn't see an issue with using the method from libkolab aswell.

>>  The possible ssl settings can be included in the config.inc.php or
>>  kolab.inc.php
>Because it will be libkolab plugin then kolab.inc.php.
Sure. After thinking about it, it maybe would even make more sense to 
use
a config array like $config['kolab_http_request'] instead of a list of
allowed options. This way you can controll all possible HTTP_Request2´
options like adapter, proxy, timeout, ssl, etc.


 > I think we should create a static method in libkolab plugin. So, all
 > kolab plugins would use:
 >
 > $this->require_plugin('libkolab');
 > $request = libkolab::http_request();

Well maybe if we just switch to a config array options it's not needed 
to
create a wrapper function. I just looked into HTTP_Request2 and it
accepts an arry with options aswell. Not sure if that's worth a wrapper
function.

$request = new HTTP_Request2($url);
if(($config = rcube::get_instance()->config->get('kolab_http_request')) 
!== null) {
     try {
         $request->setConfig($config);
     } catch (HTTP_Request2_Exception $e) {
         rcube::log_error("HTTP_Request2_Exception: " . 
$e->getMessage());
     }
}

>Please, create a ticket in bugzilla.
Will do so.

>ps. we use HTTP_Request also in calendar plugin.
I saw it (when searching the code for HTTP_Request usage).


btw. I'm still searching for the rootcause of my ssl problem when
accessing kolab_files withing roundcube (everything is ssl with a valid 
cert)

(from httpd/access.log)
1.2.3.4 - - [25/Aug/2013:01:16:17 +0200] "GET 
/chwala/api/?method=folder_list&_=1377386164198 HTTP/1.1" 200 56
1.2.3.4 - - [25/Aug/2013:01:16:18 +0200] "GET 
/roundcubemail/?_task=files HTTP/1.1" 200 4655
(from httpd/error.log)
[Sun Aug 25 01:16:18 2013] [error] SSL Library Error: -12195 Peer does 
not recognize and trust the CA that issued your certificate
[Sun Aug 25 01:16:18 2013] [error] SSL Library Error: -12195 Peer does 
not recognize and trust the CA that issued your certificate
[Sun Aug 25 01:16:18 2013] [error] SSL Library Error: -12195 Peer does 
not recognize and trust the CA that issued your certificate
It looks like some kind of ssl api backend calls between kolab_files 
plugin and chwala are getting blocked due to misconfiguration.
If you've an idea let me know otherwise i'll dig into the code and start 
search soon.


--
Regards
Daniel Hoffend

More information about the devel mailing list