mirror of
https://github.com/the-djmaze/snappymail.git
synced 2025-12-11 05:36:14 +08:00
Remote host ssl verification
This commit is contained in:
RainLoop Team
parent
c26ab305a1
commit
d63dc10e5b
6 changed files with 94 additions and 54 deletions
|
|
@ -126,7 +126,7 @@ class ImapClient extends \MailSo\Net\NetClient
|
|||
* @param string $sServerName
|
||||
* @param int $iPort = 143
|
||||
* @param int $iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT
|
||||
* @param bool $bCapturePeerCertIfSsl = false
|
||||
* @param bool $bVerifySsl = false
|
||||
*
|
||||
* @return \MailSo\Imap\ImapClient
|
||||
*
|
||||
|
|
@ -135,11 +135,11 @@ class ImapClient extends \MailSo\Net\NetClient
|
|||
* @throws \MailSo\Imap\Exceptions\Exception
|
||||
*/
|
||||
public function Connect($sServerName, $iPort = 143,
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT, $bCapturePeerCertIfSsl = false)
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT, $bVerifySsl = false)
|
||||
{
|
||||
$this->aTagTimeouts['*'] = \microtime(true);
|
||||
|
||||
parent::Connect($sServerName, $iPort, $iSecurityType, $bCapturePeerCertIfSsl);
|
||||
parent::Connect($sServerName, $iPort, $iSecurityType, $bVerifySsl);
|
||||
|
||||
$this->parseResponseWithValidation('*', true);
|
||||
|
||||
|
|
|
|||
|
|
@ -47,6 +47,6 @@ class SocketCanNotConnectToHostException extends \MailSo\Net\Exceptions\Connecti
|
|||
*/
|
||||
public function getSocketCode()
|
||||
{
|
||||
return $this->sSocketMessage;
|
||||
return $this->iSocketCode;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -168,11 +168,24 @@ abstract class NetClient
|
|||
return $this->rConnect;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param int $iErrNo
|
||||
* @param string $sErrStr
|
||||
* @param string $sErrFile
|
||||
* @param int $iErrLine
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function capturePhpErrorWithException($iErrNo, $sErrStr, $sErrFile, $iErrLine)
|
||||
{
|
||||
throw new \MailSo\Base\Exceptions\Exception($sErrStr, $iErrNo);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sServerName
|
||||
* @param int $iPort
|
||||
* @param int $iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT
|
||||
* @param bool $bCapturePeerCertIfSsl = false
|
||||
* @param bool $bVerifySsl = false
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
|
|
@ -181,7 +194,7 @@ abstract class NetClient
|
|||
* @throws \MailSo\Net\Exceptions\SocketCanNotConnectToHostException
|
||||
*/
|
||||
public function Connect($sServerName, $iPort,
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT, $bCapturePeerCertIfSsl = false)
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT, $bVerifySsl = false)
|
||||
{
|
||||
if (!\MailSo\Base\Validator::NotEmptyString($sServerName, true) || !\MailSo\Base\Validator::PortInt($iPort))
|
||||
{
|
||||
|
|
@ -202,17 +215,22 @@ abstract class NetClient
|
|||
$sErrorStr = '';
|
||||
$iErrorNo = 0;
|
||||
|
||||
$this->iSecurityType = $iSecurityType;
|
||||
$this->sConnectedHost = $sServerName;
|
||||
$this->iConnectedPort = $iPort;
|
||||
$this->bSecure = \MailSo\Net\Enumerations\ConnectionSecurityType::UseSSL($iPort, $iSecurityType);
|
||||
$this->sConnectedHost = $this->bSecure ? 'ssl://'.$sServerName : $sServerName;
|
||||
|
||||
$bCapturePeerCertIfSsl = !!($bCapturePeerCertIfSsl && $this->bSecure);
|
||||
$this->iSecurityType = $iSecurityType;
|
||||
$this->bSecure = \MailSo\Net\Enumerations\ConnectionSecurityType::UseSSL(
|
||||
$this->iConnectedPort, $this->iSecurityType);
|
||||
|
||||
$this->sConnectedHost = \in_array(\strtolower(\substr($this->sConnectedHost, 0, 6)), array('ssl://', 'tcp://')) ?
|
||||
\substr($this->sConnectedHost, 6) : $this->sConnectedHost;
|
||||
|
||||
$this->sConnectedHost = ($this->bSecure ? 'ssl://' : 'tcp://').$this->sConnectedHost;
|
||||
// $this->sConnectedHost = ($this->bSecure ? 'ssl://' : '').$this->sConnectedHost;
|
||||
|
||||
if (!$this->bSecure && \MailSo\Net\Enumerations\ConnectionSecurityType::SSL === $this->iSecurityType)
|
||||
{
|
||||
$this->writeLogException(
|
||||
new \MailSo\Net\Exceptions\SocketUnsuppoterdSecureConnectionException('SSL isn\'t supported'),
|
||||
new \MailSo\Net\Exceptions\SocketUnsuppoterdSecureConnectionException('SSL isn\'t supported: ('.\implode(', ', \stream_get_transports()).')'),
|
||||
\MailSo\Log\Enumerations\Type::ERROR, true);
|
||||
}
|
||||
|
||||
|
|
@ -220,24 +238,33 @@ abstract class NetClient
|
|||
$this->writeLog('Start connection to "'.$this->sConnectedHost.':'.$this->iConnectedPort.'"',
|
||||
\MailSo\Log\Enumerations\Type::NOTE);
|
||||
|
||||
if ($bCapturePeerCertIfSsl && \MailSo\Base\Utils::FunctionExistsAndEnabled('stream_context_create') &&
|
||||
\MailSo\Base\Utils::FunctionExistsAndEnabled('stream_socket_client') && defined('STREAM_CLIENT_CONNECT'))
|
||||
{
|
||||
$rStreamContext = \stream_context_create(array('ssl' => array('capture_peer_cert' => true)));
|
||||
$sRemoteSocket = (0 === \strpos($this->sConnectedHost, 'ssl://')
|
||||
? $this->sConnectedHost : 'tcp://'.$this->sConnectedHost).':'.$this->iConnectedPort;
|
||||
// $this->rConnect = @\fsockopen($this->sConnectedHost, $this->iConnectedPort,
|
||||
// $iErrorNo, $sErrorStr, $this->iConnectTimeOut);
|
||||
|
||||
if ($rStreamContext)
|
||||
{
|
||||
$this->rConnect = @\stream_socket_client($sRemoteSocket, $iErrorNo, $sErrorStr,
|
||||
$this->iConnectTimeOut, STREAM_CLIENT_CONNECT, $rStreamContext);
|
||||
}
|
||||
}
|
||||
else
|
||||
$bVerifySsl = !!$bVerifySsl;
|
||||
$rStreamContext = \stream_context_create(array(
|
||||
'ssl' => array(
|
||||
'verify_host' => $bVerifySsl,
|
||||
'verify_peer' => $bVerifySsl,
|
||||
'verify_peer_name' => $bVerifySsl,
|
||||
'allow_self_signed' => !$bVerifySsl
|
||||
)
|
||||
));
|
||||
|
||||
\set_error_handler(array(&$this, 'capturePhpErrorWithException'));
|
||||
|
||||
try
|
||||
{
|
||||
$this->rConnect = @\fsockopen($this->sConnectedHost, $this->iConnectedPort,
|
||||
$iErrorNo, $sErrorStr, $this->iConnectTimeOut);
|
||||
$this->rConnect = \stream_socket_client($this->sConnectedHost.':'.$this->iConnectedPort,
|
||||
$iErrorNo, $sErrorStr, $this->iConnectTimeOut, STREAM_CLIENT_CONNECT, $rStreamContext);
|
||||
}
|
||||
catch (\Exception $oExc)
|
||||
{
|
||||
$sErrorStr = $oExc->getMessage();
|
||||
$iErrorNo = $oExc->getCode();
|
||||
}
|
||||
|
||||
\restore_error_handler();
|
||||
|
||||
if (!\is_resource($this->rConnect))
|
||||
{
|
||||
|
|
@ -515,6 +542,11 @@ abstract class NetClient
|
|||
{
|
||||
if ($this->oLogger)
|
||||
{
|
||||
if ($oException instanceof Exceptions\SocketCanNotConnectToHostException)
|
||||
{
|
||||
$this->oLogger->Write('Socket: ['.$oException->getSocketCode().'] '.$oException->getSocketMessage(), $iDescType, $this->getLogName());
|
||||
}
|
||||
|
||||
$this->oLogger->WriteException($oException, $iDescType, $this->getLogName());
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -141,6 +141,7 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
* @param int $iPort = 25
|
||||
* @param string $sEhloHost = '[127.0.0.1]'
|
||||
* @param int $iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT
|
||||
* @param bool $bVerifySsl = false
|
||||
*
|
||||
* @return \MailSo\Smtp\SmtpClient
|
||||
*
|
||||
|
|
@ -149,11 +150,11 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
* @throws \MailSo\Smtp\Exceptions\ResponseException
|
||||
*/
|
||||
public function Connect($sServerName, $iPort = 25, $sEhloHost = '[127.0.0.1]',
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT)
|
||||
$iSecurityType = \MailSo\Net\Enumerations\ConnectionSecurityType::AUTO_DETECT, $bVerifySsl = false)
|
||||
{
|
||||
$this->iRequestTime = microtime(true);
|
||||
|
||||
parent::Connect($sServerName, $iPort, $iSecurityType);
|
||||
parent::Connect($sServerName, $iPort, $iSecurityType, $bVerifySsl);
|
||||
$this->validateResponse(220);
|
||||
|
||||
$this->preLoginStartTLSAndEhloProcess($sEhloHost);
|
||||
|
|
|
|||
|
|
@ -2777,26 +2777,14 @@ class Actions
|
|||
$oDomain = $this->DomainProvider()->LoadOrCreateNewFromAction($this, 'domain-test-connection.de');
|
||||
if ($oDomain)
|
||||
{
|
||||
// $bOpenSSL = \MailSo\Base\Utils::FunctionExistsAndEnabled('openssl_x509_parse');
|
||||
$bOpenSSL = false; // TODO in dev
|
||||
|
||||
try
|
||||
{
|
||||
$oImapClient = \MailSo\Imap\ImapClient::NewInstance()->SetLogger($this->Logger());
|
||||
$oImapClient->SetTimeOuts(5);
|
||||
|
||||
$iTime = \microtime(true);
|
||||
$oImapClient->Connect($oDomain->IncHost($oDomain->Name()), $oDomain->IncPort(), $oDomain->IncSecure(), $bOpenSSL);
|
||||
|
||||
if ($bOpenSSL)
|
||||
{
|
||||
$aStreamContextParams = $oImapClient->StreamContextParams();
|
||||
if (isset($aStreamContextParams['options']['ssl']['peer_certificate']))
|
||||
{
|
||||
$aParseData = @\openssl_x509_parse($aStreamContextParams['options']['ssl']['peer_certificate']);
|
||||
$this->Logger()->WriteDump($aParseData);
|
||||
}
|
||||
}
|
||||
$oImapClient->Connect($oDomain->IncHost($oDomain->Name()), $oDomain->IncPort(),
|
||||
$oDomain->IncSecure(), $oDomain->IncVerifySsl());
|
||||
|
||||
$iImapTime = \microtime(true) - $iTime;
|
||||
$oImapClient->Disconnect();
|
||||
|
|
@ -2823,17 +2811,8 @@ class Actions
|
|||
$oSmtpClient->SetTimeOuts(5);
|
||||
|
||||
$iTime = \microtime(true);
|
||||
$oSmtpClient->Connect($oDomain->OutHost($oDomain->Name()), $oDomain->OutPort(), '127.0.0.1', $oDomain->OutSecure(), $bOpenSSL);
|
||||
|
||||
if ($bOpenSSL)
|
||||
{
|
||||
$aStreamContextParams = $oSmtpClient->StreamContextParams();
|
||||
if (isset($aStreamContextParams['options']['ssl']['peer_certificate']))
|
||||
{
|
||||
$aParseData = @\openssl_x509_parse($aStreamContextParams['options']['ssl']['peer_certificate']);
|
||||
$this->Logger()->WriteDump($aParseData);
|
||||
}
|
||||
}
|
||||
$oSmtpClient->Connect($oDomain->OutHost($oDomain->Name()), $oDomain->OutPort(), '127.0.0.1',
|
||||
$oDomain->OutSecure(), $oDomain->OutVerifySsl());
|
||||
|
||||
$iSmtpTime = \microtime(true) - $iTime;
|
||||
$oSmtpClient->Disconnect();
|
||||
|
|
|
|||
|
|
@ -28,6 +28,11 @@ class Domain
|
|||
*/
|
||||
private $iIncSecure;
|
||||
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
private $bIncVerifySsl;
|
||||
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
|
|
@ -48,6 +53,11 @@ class Domain
|
|||
*/
|
||||
private $iOutSecure;
|
||||
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
private $bOutVerifySsl;
|
||||
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
|
|
@ -83,10 +93,12 @@ class Domain
|
|||
$this->sIncHost = $sIncHost;
|
||||
$this->iIncPort = $iIncPort;
|
||||
$this->iIncSecure = $iIncSecure;
|
||||
$this->bIncVerifySsl = false;
|
||||
$this->bIncShortLogin = $bIncShortLogin;
|
||||
$this->sOutHost = $sOutHost;
|
||||
$this->iOutPort = $iOutPort;
|
||||
$this->iOutSecure = $iOutSecure;
|
||||
$this->bOutVerifySsl = false;
|
||||
$this->bOutShortLogin = $bOutShortLogin;
|
||||
$this->bOutAuth = $bOutAuth;
|
||||
$this->sWhiteList = \trim($sWhiteList);
|
||||
|
|
@ -311,6 +323,14 @@ class Domain
|
|||
return $this->iIncSecure;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function IncVerifySsl()
|
||||
{
|
||||
return $this->bIncVerifySsl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
|
|
@ -344,6 +364,14 @@ class Domain
|
|||
return $this->iOutSecure;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function OutVerifySsl()
|
||||
{
|
||||
return $this->bOutVerifySsl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue