PHP7.1 Self-Signed Certificates and Inbound Email

Hi all,

I have a SuiteCRM installation on CentOS7 which has had PHP7.1 installed. When testing an inbound email account the account setup fails with an invalid CA. This makes sense as the certificate is self signed and expired by about 3 years.

I don’t control the mail server and operationally should expect the certificate to be out of date/self-signed/changed without notice and can’t have this interrupt the operation of the CRM. The mail server is also on the same internal network as the CRM server.

Thunderbird is able to check the email account in question after a certificate exception has been added. The settings are IMAP+STARTTLS.

I have tried a few different things to get the system working:
Changed InboundEmail.php so that novalidate-cert was included in most of the imap_open calls. Didn’t work.
Changed InboundEmail.php line 4616 (as per https://github.com/vladbar/SuiteCRM/commit/09df61b4164505811c3b565c90bb9e13e996e458) and that moved me onto a different error: Can’t open mailbox {XXX/imap/}INBOX: invalid remote specification

The outbound mail server is working fine as it is pure SMTP relay with no encryption/certificates/SSL. A previous version of PHP (before 5.5) worked fine however I note that the newer version of PHP (5.6+) are forcing verification of the SSL credentials which is why I now have this problem.

Is it possible to modify the InboundEmail.php options so that verify_peer etc can be overridden and the “bad” certificates accepted?

What have other people done to get around this issue?

Kind regards and thanks in advance for all suggestions.