authorBenny Baumann <BenBE@geshi.org>2014-11-29 13:48:19 +0100
committerBenny Baumann <BenBE@geshi.org>2014-11-29 13:48:19 +0100
commit56f2261871ea6fd1759bcd6759fde7d8e30b5ea7 (patch)
treef89c8960c75f71e1f5b810016af77ba958611a2a
parent1cc5257aba1e6ae883caf464eaadf25783d2279d (diff)
bug 1288: Do STARTTLS whenever offered by the server
-rw-r--r--includes/general.php67
1 files changed, 54 insertions, 13 deletions
diff --git a/includes/general.php b/includes/general.php
index 596cc49..ef87670 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -555,28 +555,69 @@
foreach($mxhosts as $key => $domain)
{
- $fp = @fsockopen($domain,25,$errno,$errstr,5);
+ $fp_opt = array(
+ 'ssl' => array(
+ 'verify_peer' => false, // Opportunistic Encryption
+ )
+ );
+ $fp_ctx = stream_context_create($fp_opt);
+ $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
if($fp)
{
+ stream_set_blocking($fp, true);
- $line = fgets($fp, 4096);
- while(substr($line, 0, 4) == "220-")
- $line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "220")
+ $has_starttls = false;
+
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "220-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
continue;
- fputs($fp, "HELO www.cacert.org\r\n");
- $line = fgets($fp, 4096);
- while(substr($line, 0, 3) == "220")
+ }
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
$line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "250")
+ $has_starttls |= trim($line) == "220-STARTTLS";
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
continue;
- fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
- $line = fgets($fp, 4096);
+ }
+
+ if($has_starttls) {
+ stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ $has_starttls |= trim($line) == "220-STARTTLS";
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
+ continue;
+ }
+ }
- if(substr($line, 0, 3) != "250")
+ fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
continue;
+ }
+
fputs($fp, "RCPT TO:<$email>\r\n");
- $line = trim(fgets($fp, 4096));
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
+ continue;
+ }
+
fputs($fp, "QUIT\r\n");
fclose($fp);
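Review bot: Both EHLO loops on the new side test for the wrong reply code: they end with `if(substr($line, 0, 3) != "220")` and match the literal `220-STARTTLS`, although the loop condition itself treats `250-` as the EHLO continuation prefix. A server that answers EHLO with 250 is therefore closed and skipped, and `$has_starttls` never becomes true. The TLS branch also calls `stream_socket_enable_crypto()` without first sending `STARTTLS` and reading its 220 reply, and it ignores the return value, so a failed handshake would go unnoticed. Because `verify_peer` is false the channel is unauthenticated by design; the `// Opportunistic Encryption` comment should say that this protects only against passive listeners, since an active attacker can still strip the offer or intercept the session. The enclosing foreach body starts and ends outside the hunk.

```php
fputs($fp, "EHLO www.cacert.org\r\n");
do {
    $line = fgets($fp, 4096);
    // Capability lines arrive as "250-STARTTLS" or, when last, "250 STARTTLS"
    $has_starttls = $has_starttls || strtoupper(trim(substr($line, 4))) == "STARTTLS";
} while(substr($line, 0, 4) == "250-");
if(substr($line, 0, 3) != "250") {
    fclose($fp);
    continue;
}

if($has_starttls) {
    // The server only expects a handshake after it has accepted STARTTLS with 220
    fputs($fp, "STARTTLS\r\n");
    do {
        $line = fgets($fp, 4096);
    } while(substr($line, 0, 4) == "220-");
    if(substr($line, 0, 3) != "220" ||
        stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        fclose($fp);
        continue;
    }

    // … second EHLO as above, again expecting a final 250 …
}
// … unchanged: MAIL FROM / RCPT TO / QUIT …
```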