From 7b3cb69cb16b50e3e46e3edfb2e877c9d53f8502 Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Mon, 23 May 2016 09:42:59 +0000
Subject: [PATCH] smtp : check the certificate by default when using SSL (but add the paramter to skip the test)

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2723 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 smtp.php | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/smtp.php b/smtp.php
index 9757c4d..a204d32 100644
--- a/smtp.php
+++ b/smtp.php
@@ -21,11 +21,15 @@ class smtp
 public $port = 25;
 /** The SMTPS support by tunnelling the session in SSL transport */
 public $ssl = false;
+ /** Check the certification chain in SSL mode */
+ public $sslCheck = true;
 /** The Timeout between the answer of the SMTP server. If the server don't
 * answer in this time, an exception is raised */
 public $timeout = 10;
 /** Activate STARTTLS if needed. Allowed values : none, may, encrypt*/
- public $starttls = "none";
+ public $starttls = "may";
+ /** Check the certificate in STARTTLS */
+ public $starttlsCheck = false;
 /** The authentication methods in an array. Allowed : plain, login*/
 public $authmethods = array ("plain", "login");
 /** The socket of the connection */
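Review bot: `$starttlsCheck` defaults to `false` while `$starttls` now defaults to `"may"`, so the out-of-the-box configuration negotiates STARTTLS without verifying the server certificate; that protects the session against passive observation only, not against an interposed endpoint presenting its own certificate. It also contradicts the `$sslCheck = true` default two properties above and the commit subject's stated intent of checking certificates by default; I'd make it `public $starttlsCheck = true;` and let deployments with self-signed or private-CA certificates opt out explicitly. If the relaxed default is deliberate, to keep existing installations talking to untrusted-certificate relays working, the doc comment should say so, e.g. `/** Check the certificate in STARTTLS. Defaults to false for compatibility; the TLS session is then encrypted but the peer is not authenticated */`.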
@@ -34,16 +38,29 @@ class smtp
 /** Connect to the SMTP server */
 public function connect ()
 {
+ $context = array ();
 if ($this->ssl)
+ {
 $this->server = "tls://$this->server";
+ $context["ssl"]["verify_peer_name"] = $this->sslCheck;
+ $context["ssl"]["verify_peer"] = $this->sslCheck;
+ }
+ $mainContext = stream_context_create ($context);
 $this->debug ("####SMTP Connection to $this->server:$this->port (". date ("Y/m/d H:i:s").")\n");
- $this->smtpStream = @fsockopen ($this->server, $this->port,
+ ini_set('track_errors', 1);
+ $this->smtpStream = @stream_socket_client ("$this->server:$this->port",
 $errno, $errstr,
- $this->timeout);
+ $this->timeout, STREAM_CLIENT_CONNECT,
+ $mainContext);
+ ini_set('track_errors', 0);
 if ($this->smtpStream === false)
+ {
+ if ($errstr === "" && $php_errormsg !== "")
+ $errstr = $php_errormsg;
 throw new \Exception (sprintf (_("Can't connect to SMTP server : %s"), $errstr), 500);
+ }
 stream_set_timeout ($this->smtpStream, $this->timeout);
 // Wait for banner
 $banner = $this->getLine ("SMTP Banner");
@@ -56,14 +73,17 @@ class smtp
 if ($this->starttls === "may" || $this->starttls === "encrypt")
 {
 $this->putLine ("STARTTLS\r\n");
+ $context["ssl"]["verify_peer_name"] = $this->starttlsCheck;
+ $context["ssl"]["verify_peer"] = $this->starttlsCheck;
+ stream_context_set_option ($this->smtpStream, $context);
 // The track_errors permit to create the $php_errormsg in case of
 // warning
 ini_set('track_errors', 1);
 if (@stream_socket_enable_crypto ($this->smtpStream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) === false)
- throw new \Exception (sprintf (_("Can't activate STARTTLS : %s"),
- $php_errormsg), 500);
+ throw new \Exception (sprintf (_("Can't activate STARTTLS %s"),
+ strstr ($php_errormsg, ": ")), 500);
 ini_set('track_errors', 0);
 $this->debug ("STARTTLS ACTIVATED\n");
 }
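Review bot: The fallback `if ($errstr === "" && $php_errormsg !== "")` reads `$php_errormsg` unconditionally, but that local only comes into existence when a warning was actually raised while `track_errors` was on; when `stream_socket_client` fails without emitting one, the comparison touches an undefined variable and `$errstr` is then assigned `null`, so the exception message ends with nothing. Guarding it with `if ($errstr === "" && isset ($php_errormsg))` keeps the message intact in both cases. The surrounding `ini_set('track_errors', …)` pair also forces the setting to `0` afterwards instead of restoring the caller's value; `$old = ini_set('track_errors', 1);` … `ini_set('track_errors', $old);` avoids that, and the same pattern appears in the STARTTLS hunk below. `$errno` is still discarded from the message, which presumably makes a certificate verification failure at connect time (where the fallback path is needed) hard to distinguish from a plain network error in logs, so consider adding it to the `sprintf`. `connect()` continues past the end of this hunk.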
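Review bot: `strstr ($php_errormsg, ": ")` returns `false` when the tracked warning contains no `": "` (or when no warning was tracked at all), and `%s` then renders an empty string, so the exception loses the TLS failure reason entirely, exactly the case where an operator most needs it, because a verification failure is otherwise indistinguishable from a server that simply rejected STARTTLS. Falling back to the raw text, `isset ($php_errormsg) ? (strstr ($php_errormsg, ": ") ?: $php_errormsg) : ""`, keeps the trimmed form when it applies and the full message otherwise. Since `$starttlsCheck` can disable peer verification, it would also help forensics if the success line recorded that state, e.g. `$this->debug ("STARTTLS ACTIVATED (certificate check: " . ($this->starttlsCheck ? "on" : "off") . ")\n");`, so a log shows whether the session was authenticated or merely encrypted. The enclosing `connect()` method starts in the previous hunk and continues after this one.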