Author Topic: Stacked error: error:14094418:SSL ... alert number 48  (Read 6681 times)

Offline ajhlinuxuser

  • Newbie
  • *
  • Posts: 2
Stacked error: error:14094418:SSL ... alert number 48
« on: February 04, 2019, 12:15:58 AM »
Hi there,

I've been reading and I think I know what the problem is.  I just want to confirm it with the community since there isn't a lot of search results for this error.

On the system running Roundcube, when I try to connect to an IMAP server via SSL, I get the message "Connection to Storage Server Failed" and in /var/log/roundcube/errors, I see:
Code: [Select]
IMAP Error: Login failed for <user> from 1.2.3.4. Could not connect to ssl://<remote_imap_server>:993: Unknown reason in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login?_task=login&_action=login)
On the remote end, I see in /var/log/mail.err:
Code: [Select]
Feb  3 21:53:24 <remote_imap_server> dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48
Here on the forum, I searched for "stacked error" and only got one result:
https://www.roundcubeforum.net/index.php/topic,23669.msg64175.html#msg64175
   -it suggests setting the following (and commenting out extended settings for:
Code: [Select]
$config['imap_conn_options'] = null;
$config['smtp_conn_options'] = null;

I found these to already be set in the defaults.inc.php file, but copied them over to config.inc.php to be sure.  This does not solve the issue.

From the reading I have done, it looks like the issue is a self-signed certificate on the IMAP server.  With Thunderbird on my PC, I am able to override that, but it looks like I will need to learn how to force Roundcube to override this, or if not possible, I will need to create my own Certificate Authority and sign the cert on my email server.  But if that isn't the problem, I will go nuts because I won't be able to tell if I signed the certs correctly (I am not familiar with the certificate creation tools).  Please let me know if that is indeed what I need to do to fix this error.  Thanks.


Roundcube version info:
Code: [Select]
$ apt-cache policy roundcube
roundcube:
  Installed: 1.2~beta+dfsg.1-0ubuntu1
  Candidate: 1.2~beta+dfsg.1-0ubuntu1
  Version table:
 *** 1.2~beta+dfsg.1-0ubuntu1 500
        500 http://mirrors.linode.com/ubuntu xenial/universe amd64 Packages
        500 http://mirrors.linode.com/ubuntu xenial/universe i386 Packages
        100 /var/lib/dpkg/status

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: Stacked error: error:14094418:SSL ... alert number 48
« Reply #1 on: February 04, 2019, 05:49:57 AM »
Because you are using a self-signed cert you need to set imap/smtp_conn_options to either disable peer verification or provide the CA file so the cert can be verified.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and moreā€¦

Offline ajhlinuxuser

  • Newbie
  • *
  • Posts: 2
Re: Stacked error: error:14094418:SSL ... alert number 48
« Reply #2 on: February 06, 2019, 04:01:58 AM »
Hi,

thank you for confirming this.  I am relieved that I know the issue.  For reference to anyone else struggling with this error, I copied the code from default.inc.php and saved it in config.inc.php as such:
Code: [Select]
$config['imap_conn_options'] = array(
        'ssl' => array(
                'verify_peer' => false,
//              'verify_depth' => 3,
//              'cafile'       => '/etc/openssl/certs/ca.crt',
                ),
);

It turns out that the 'null' setting actually uses defaults that set verify_peer to true.

Roundcube is now working, and once I get a certificate authority file ready I can re-enable peer verification to be more secure.

SOLVED.  (I don't know the convention for marking threads as solved here, it looks like a moderator just moves then to another subforum)