Closed standardrat closed 3 years ago
I can also login with 'tls' enabled by changing the port from 993 to 143 - although in view of my next comment that may simply mean I'm logging in with no encryption at all...
The current code sets two options for curl when sslmode is 'tls':
if ($this->sslmode === 'tls') {
curl_setopt($ch, CURLOPT_USE_SSL, CURLUSESSL_ALL);
}
I cannot find either of these options in the PHP documentation for curl-setopt
This (non php.net) webpage says that CURLOPT_USE_SSL was added in php7 v7.11: https://curl.se/libcurl/c/CURLOPT_USE_SSL.html (this doesn't do much for me on Ubuntu LTS 18.04.5 LTS running php 7.4...)
The 'debug' logging for user_external should generate a log entry showing the actual connection encryption that was applied...
Finally got back to look into this more.
I verified in the IMAP server logs that when setting the SSL mode to 'ssl', it still uses TLS 1.3 over SSL. The 'tls' setting seems to only be for STARTTLS connections, which start out unencrypted, over port 143.
It seems I had opened this issue due to a misunderstanding, and am therefore closing it.
Steps to reproduce
Expected behaviour
Log in should complete successfully
Actual behaviour
Login is timing out.
Affected Authentication backend
IMAP using TLS
Server configuration
version 20.0.2 Fresh install
Logs
Nextcloud log (data/nextcloud.log)
Nextcloud log
``` `ERROR: Could not connect to imap server via curl: Operation timed out` ```Found the problem and fix: https://github.com/nextcloud/user_external/blob/8a4e57bfcddeee51448edb5233d6d58cda7ca68c/lib/imap.php#L88 It only sets the protocol to imaps for ssl, not tls. Changing the line to the following fixes the issue:
$protocol = ($this->sslmode === "ssl" || $this->sslmode === "tls") ? "imaps" : "imap";
Seems loosely related to #140