summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-11-29 14:44:09 +0100
committerBenny Baumann <BenBE@geshi.org>2014-11-29 14:44:09 +0100
commit25936445de04c27c377f2de84f117100b43d533f (patch)
treed783e99f25a510543a4fcdf1a604e5f1eedd8489
parentff0f3887897a4a5dd238e4a9e5f8227e1f25a50f (diff)
downloadcacert-devel-25936445de04c27c377f2de84f117100b43d533f.tar.gz
cacert-devel-25936445de04c27c377f2de84f117100b43d533f.tar.xz
cacert-devel-25936445de04c27c377f2de84f117100b43d533f.zip
bug 1288: Actually request encryption for the connection before activating
-rw-r--r--includes/general.php9
1 files changed, 9 insertions, 0 deletions
diff --git a/includes/general.php b/includes/general.php
index b3fd121..57268dc 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -587,6 +587,15 @@
}
if($has_starttls) {
+ fputs($fp, "STARTTLS\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "220-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
+ continue;
+ }
+
stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
fputs($fp, "EHLO www.cacert.org\r\n");