author | alecpl <alec@alec.pl> | 2009-04-14 07:35:12 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2009-04-14 07:35:12 +0000 |
commit | f86e8f5faa0fb5926001f2dccd970e031e7cb59a (patch) | |
tree | a1b1e0da98d9dd8ac885eb33ddc344d3c0537b34 /program/lib | |
parent | 58c9dd72935e9ea4403681997bb1beb291d70bd4 (diff) |
- Support STARTTLS in IMAP connection (#1485284)
Diffstat (limited to 'program/lib')
-rw-r--r-- | program/lib/imap.inc | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/program/lib/imap.inc b/program/lib/imap.inc index d343564d2..995d82fb6 100644 --- a/program/lib/imap.inc +++ b/program/lib/imap.inc @@ -335,6 +335,7 @@ function iil_StartsWithI($string, $match, $bye=false) { } if ($bye && strncmp($string, '* BYE ', 6) == 0) { return true; + } return false; } @@ -383,6 +384,12 @@ function iil_C_GetCapability(&$conn, $name) return false; } +function iil_C_ClearCapability(&$conn) +{ + $conn->capability = array(); + $conn->capability_readed = false; +} + function iil_C_Authenticate(&$conn, $user, $pass, $encChallenge) { $ipad = ''; @@ -564,7 +571,7 @@ function iil_Connect($host, $user, $password, $options=null) { $result = false; - //initialize connection + // initialize connection $conn = new iilConnection; $conn->error = ''; $conn->errorNum = 0; @@ -598,16 +605,15 @@ function iil_Connect($host, $user, $password, $options=null) { $iil_errornum = -1; return false; } + if (!$ICL_PORT) { $ICL_PORT = 143; } - //check for SSL - if ($ICL_SSL) { + if ($ICL_SSL && $ICL_SSL != 'tls') { $host = $ICL_SSL . '://' . $host; } - - //open socket connection + $conn->fp = fsockopen($host, $ICL_PORT, $errno, $errstr, 10); if (!$conn->fp) { $iil_error = "Could not connect to $host at port $ICL_PORT: $errstr"; 
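Review bot: `$ICL_SSL != 'tls'` in iil_Connect compares loosely, so a boolean `true` in the SSL option counts as equal to `'tls'`; the `ssl://` wrapper is then skipped and the same value also satisfies the later `$ICL_SSL == 'tls'` test. If that option can ever hold a non-string (its source is not visible in this hunk), the connection quietly moves from implicit SSL to STARTTLS, which the later block only attempts when the server offers it. Strict comparison avoids this: `if ($ICL_SSL && $ICL_SSL !== 'tls') {`, with `=== 'tls'` at the STARTTLS test as well. iil_Connect starts and ends outside the hunk.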
@@ -625,6 +631,29 @@ function iil_Connect($host, $user, $password, $options=null) { $conn->message .= $line; + // TLS connection + if ($ICL_SSL == 'tls' && iil_C_GetCapability($conn, 'STARTTLS')) { + if (version_compare(PHP_VERSION, '5.1.0', '>=')) { + iil_PutLine($conn->fp, 'stls000 STARTTLS'); + + $line = iil_ReadLine($conn->fp, 4096); + if (!iil_StartsWith($line, 'stls000 OK')) { + $iil_error = "Server responded to STARTTLS with: $line"; + $iil_errornum = -2; + return false; + } + + if (!stream_socket_enable_crypto($conn->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + $iil_error = "Unable to negotiate TLS"; + $iil_errornum = -2; + return false; + } + + // Now we're authenticated, capabilities need to be reread + iil_C_ClearCapability($conn); + } + } + if (strcasecmp($auth_method, "check") == 0) { //check for supported auth methods if (iil_C_GetCapability($conn, 'AUTH=CRAM-MD5') || iil_C_GetCapability($conn, 'AUTH=CRAM_MD5')) { |
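Review bot: With `'tls'` configured, the new block still falls through to authentication over the unencrypted socket when the capability list lacks STARTTLS or PHP is older than 5.1.0, because both conditions only skip the block. The capability list is read before encryption starts, so anything on the path that drops STARTTLS from it downgrades the session without an error; the block should fail closed by setting `$iil_error` and returning false, as the two existing error branches do. The comment `// Now we're authenticated` should say "encrypted", since login has not happened at that point. iil_Connect starts and ends outside the hunk, and whether the stream verifies the server certificate during `stream_socket_enable_crypto()` is not visible here and is worth confirming.

```php
    // TLS connection
    if ($ICL_SSL == 'tls') {
        // Fail closed: TLS was requested, so never continue in cleartext
        if (!iil_C_GetCapability($conn, 'STARTTLS')
            || version_compare(PHP_VERSION, '5.1.0', '<')) {
            $iil_error = "TLS requested but STARTTLS is not available";
            $iil_errornum = -2;
            return false;
        }

        // … unchanged: send STARTTLS, check the tagged OK, stream_socket_enable_crypto() …

        // Now the channel is encrypted, capabilities need to be reread
        iil_C_ClearCapability($conn);
    }
```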