When I tried setting my Owncloud Calendar’s ICS export URL (which uses HTTPS) as a calendar import URL in Dolibarr (currently installed are Owncloud 8.0 and Dolibarr from the version 3.6.2-3 Debian package), Dolibarr gave me these errors (taken from the error.log of the webserver, with some additional formatting):
PHP Warning:
file(): SSL operation failed with code 1.
OpenSSL Error messages:\nerror:14090086:SSL routines:
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
in /usr/share/dolibarr/htdocs/comm/action/class/ical.class.php on line 60
PHP Warning:
file(): Failed to enable crypto
in /usr/share/dolibarr/htdocs/comm/action/class/ical.class.php on line 60
This makes sense, since my Owncloud’s HTTPS uses a certificate that is signed by my self-signed CA. PHP, as by version 5.6, requires HTTPS certificates to verify for streaming access by default, which is a good thing.
To solve this, I had to make the CA of the Owncloud web certificate known to Dolibarr.
On the webserver running Dolibarr, I created a new directory:
~# mkdir /etc/dolibarr/ssl
Then I copied the ca.pem from the Owncloud webserver into that directory.
Finally I had to make a small modifcation to Dolibarr’s ical.class.php as follows:
In file /usr/share/dolibarr/htdocs/comm/action/class/ical.class.php, line 55ff, a function read_file($file) is defined that eventually will access the https://... URL:
function read_file($file)
{
$this->file = $file;
$file_text='';
$tmparray=file($file);
What I had to do was to set up a PHP stream context making my ca.pem the CA for validation. To do so, I put these two lines of code before the call to file():
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'cafile', '/etc/dolibarr/ssl/ca.pem');
$tmparray=file($file, 0, $context);
That resolved the issue, and the ICS sync from Owncloud to Dolibarr now works.
Now you can think of the code quality or crudeness of my patch what you like, but three cheers for free software that allows me to fix a problem in my invoicing system myself. 🙂