author | Benny Baumann <BenBE@geshi.org> | 2014-11-29 13:48:19 +0100 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-11-29 13:48:19 +0100 |
commit | 56f2261871ea6fd1759bcd6759fde7d8e30b5ea7 (patch) | |
tree | f89c8960c75f71e1f5b810016af77ba958611a2a | |
parent | 1cc5257aba1e6ae883caf464eaadf25783d2279d (diff) | |
download | cacert-devel-56f2261871ea6fd1759bcd6759fde7d8e30b5ea7.tar.gz cacert-devel-56f2261871ea6fd1759bcd6759fde7d8e30b5ea7.tar.xz cacert-devel-56f2261871ea6fd1759bcd6759fde7d8e30b5ea7.zip |
bug 1288: Do STARTTLS whenever offered by the server
-rw-r--r-- | includes/general.php | 67 |
1 files changed, 54 insertions, 13 deletions
diff --git a/includes/general.php b/includes/general.php
index 596cc49..ef87670 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -555,28 +555,69 @@
 foreach($mxhosts as $key => $domain)
 {
- $fp = @fsockopen($domain,25,$errno,$errstr,5);
+ $fp_opt = array(
+ 'ssl' => array(
+ 'verify_peer' => false, // Opportunistic Encryption
+ )
+ );
+ $fp_ctx = stream_context_create($fp_opt);
+ $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
 if($fp)
 {
+ stream_set_blocking($fp, true);
- $line = fgets($fp, 4096);
- while(substr($line, 0, 4) == "220-")
- $line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "220")
+ $has_starttls = false;
+
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "220-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
 continue;
- fputs($fp, "HELO www.cacert.org\r\n");
- $line = fgets($fp, 4096);
- while(substr($line, 0, 3) == "220")
+ }
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
 $line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "250")
+ $has_starttls |= trim($line) == "220-STARTTLS";
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
 continue;
- fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
- $line = fgets($fp, 4096);
+ }
+
+ if($has_starttls) {
+ stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ $has_starttls |= trim($line) == "220-STARTTLS";
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
+ continue;
+ }
+ }
- if(substr($line, 0, 3) != "250")
+ fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
 continue;
+ }
+
 fputs($fp, "RCPT TO:<$email>\r\n");
- $line = trim(fgets($fp, 4096));
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
+ continue;
+ }
+
 fputs($fp, "QUIT\r\n");
 fclose($fp); |
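Review bot: The EHLO handling in the new code cannot succeed: an EHLO reply is a run of `250-` lines ending in a `250 ` line, but the loop tests `trim($line) == "220-STARTTLS"` (so `$has_starttls` never becomes true, and a capability advertised on the final `250 STARTTLS` line would be missed anyway) and the check that follows, `if(substr($line, 0, 3) != "220")`, rejects every server before MAIL FROM; both mistakes are repeated in the second EHLO inside `if($has_starttls)`. The TLS branch also never sends the `STARTTLS` command or reads the server's `220` go-ahead before `stream_socket_enable_crypto()`, and that call's return value is ignored, so a failed or refused handshake would leave the session continuing on a socket that was never upgraded instead of moving on to the next host. Depending on the PHP version in use, `STREAM_CRYPTO_METHOD_TLS_CLIENT` may negotiate only TLS 1.0, which deserves a comment next to the `verify_peer => false` one. The sketch below fixes the reply codes, sends STARTTLS, and aborts the host on handshake failure; the enclosing function begins and ends outside this hunk.
```php
			fputs($fp, "EHLO www.cacert.org\r\n");
			do {
				$line = fgets($fp, 4096);
				// STARTTLS may be advertised on a "250-" line or on the final "250 " line
				$has_starttls = $has_starttls || in_array(trim($line), array("250-STARTTLS", "250 STARTTLS"), true);
			} while(substr($line, 0, 4) == "250-");
			if(substr($line, 0, 3) != "250") {
				fclose($fp);
				continue;
			}

			if($has_starttls) {
				fputs($fp, "STARTTLS\r\n");
				$line = fgets($fp, 4096);
				if(substr($line, 0, 3) != "220") {
					fclose($fp);
					continue;
				}
				// a failed handshake must not fall back to continuing in the clear
				if(stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
					fclose($fp);
					continue;
				}
				// … unchanged: second EHLO, with the same "250" reply checks as above …
			}
```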