smtp : check the certificate by default when using SSL (but add the paramter to skip the test)

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2723 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2016-05-23 09:42:59 +00:00
parent 8e86bee838
commit 7b3cb69cb1
1 changed files with 25 additions and 5 deletions
--- a/smtp.php
+++ b/smtp.php
@@ -21,11 +21,15 @@ class smtp
  public $port = 25;
  /** The SMTPS support by tunnelling the session in SSL transport */
  public $ssl = false;
+  /** Check the certification chain in SSL mode */
+  public $sslCheck = true;
  /** The Timeout between the answer of the SMTP server. If the server don't
    * answer in this time, an exception is raised */
  public $timeout = 10;
  /** Activate STARTTLS if needed. Allowed values : none, may, encrypt*/
-  public $starttls = "none";
+  public $starttls = "may";
+  /** Check the certificate in STARTTLS */
+  public $starttlsCheck = false;
  /** The authentication methods in an array. Allowed : plain, login*/
  public $authmethods = array ("plain", "login");
  /** The socket of the connection */
@@ -34,16 +38,29 @@ class smtp
  /** Connect to the SMTP server */
  public function connect ()
  {
+    $context = array ();
    if ($this->ssl)
+    {
      $this->server = "tls://$this->server";
+      $context["ssl"]["verify_peer_name"] = $this->sslCheck;
+      $context["ssl"]["verify_peer"] = $this->sslCheck;
+    }
+    $mainContext = stream_context_create ($context);
    $this->debug ("####SMTP Connection to $this->server:$this->port (".
                  date ("Y/m/d H:i:s").")\n");
-    $this->smtpStream = @fsockopen ($this->server, $this->port,
+    ini_set('track_errors', 1); 
+    $this->smtpStream = @stream_socket_client ("$this->server:$this->port",
                                    $errno, $errstr,
-                                    $this->timeout);
+                                    $this->timeout, STREAM_CLIENT_CONNECT,
+                                    $mainContext);
+    ini_set('track_errors', 0); 
    if ($this->smtpStream === false)
+    {
+      if ($errstr === "" && $php_errormsg !== "")
+        $errstr = $php_errormsg;
      throw new \Exception (sprintf (_("Can't connect to SMTP server : %s"),
                                     $errstr), 500);
+    }
    stream_set_timeout ($this->smtpStream, $this->timeout);
    // Wait for banner
    $banner = $this->getLine ("SMTP Banner");
@@ -56,14 +73,17 @@ class smtp
      if ($this->starttls === "may" || $this->starttls === "encrypt")
      {
        $this->putLine ("STARTTLS\r\n");
+        $context["ssl"]["verify_peer_name"] = $this->starttlsCheck;
+        $context["ssl"]["verify_peer"] = $this->starttlsCheck;
+        stream_context_set_option ($this->smtpStream, $context);
        // The track_errors permit to create the $php_errormsg in case of
        // warning
        ini_set('track_errors', 1); 
        if (@stream_socket_enable_crypto ($this->smtpStream, true,
                                         STREAM_CRYPTO_METHOD_TLS_CLIENT) ===
            false)
-          throw new \Exception (sprintf (_("Can't activate STARTTLS : %s"),
-                                $php_errormsg), 500);
+          throw new \Exception (sprintf (_("Can't activate STARTTLS %s"),
+                                strstr ($php_errormsg, ": ")), 500);
        ini_set('track_errors', 0);
        $this->debug ("STARTTLS ACTIVATED\n");
      }