Changeset 2388 in subversion

Timestamp:

Apr 14, 2009 3:35:12 AM (4 years ago)

Author:

alec

Message:

• Support STARTTLS in IMAP connection (#1485284)

Location:

trunk/roundcubemail

Files:

• CHANGELOG (modified) (1 diff)
• config/main.inc.php.dist (modified) (1 diff)
• program/include/rcmail.php (modified) (1 diff)
• program/lib/imap.inc (modified) (5 diffs)

trunk/roundcubemail/CHANGELOG

@@ -2 +2 @@
 ===========================
 
+- Support STARTTLS in IMAP connection (#1485284)
 - Fix DEL key problem in search boxes (#1485528)
 - Support several e-mail addresses per user from virtuser_file (#1485678)

trunk/roundcubemail/config/main.inc.php.dist

@@ -52 +52 @@
 // leave blank to show a textbox at login, give a list of hosts
 // to display a pulldown menu or set one host as string.
-// To use SSL connection, enter ssl://hostname:993
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
 $rcmail_config['default_host'] = '';
 

trunk/roundcubemail/program/include/rcmail.php

@@ -437 +437 @@
       $host = $a_host['host'];
       $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null;
-      $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $config['default_port']);
-    }
-    else
-      $imap_port = $config['default_port'];
-
+      if(!empty($a_host['port']))
+        $imap_port = $a_host['port'];
+      else if ($imap_ssl && $imap_ssl != 'tls')
+        $imap_port = 993;
+    }
+    
+    $imap_port = $imap_port ? $imap_port : $config['default_port'];
 
     /* Modify username with domain if required  

trunk/roundcubemail/program/lib/imap.inc

@@ -336 +336 @@
         if ($bye && strncmp($string, '* BYE ', 6) == 0) {
                 return true;
+
         }
         return false;
@@ -382 +383 @@
 
         return false;
+}
+
+function iil_C_ClearCapability(&$conn)
+{
+        $conn->capability = array();
+        $conn->capability_readed = false;
 }
 
@@ -565 +572 @@
         $result = false;
         
-        //initialize connection
+        // initialize connection
         $conn              = new iilConnection;
         $conn->error       = '';
@@ -599 +606 @@
                 return false;
         }
+
         if (!$ICL_PORT) {
                 $ICL_PORT = 143;
         }
-    
         //check for SSL
-        if ($ICL_SSL) {
+        if ($ICL_SSL && $ICL_SSL != 'tls') {
                 $host = $ICL_SSL . '://' . $host;
         }
-        
-        //open socket connection
+
         $conn->fp = fsockopen($host, $ICL_PORT, $errno, $errstr, 10);
         if (!$conn->fp) {
@@ -625 +631 @@
 
         $conn->message .= $line;
+
+        // TLS connection
+        if ($ICL_SSL == 'tls' && iil_C_GetCapability($conn, 'STARTTLS')) {
+                if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
+                        iil_PutLine($conn->fp, 'stls000 STARTTLS');
+
+                        $line = iil_ReadLine($conn->fp, 4096);
+                        if (!iil_StartsWith($line, 'stls000 OK')) {
+                                $iil_error = "Server responded to STARTTLS with: $line";
+                                $iil_errornum = -2;
+                                return false;
+                        }
+
+                        if (!stream_socket_enable_crypto($conn->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+                                $iil_error = "Unable to negotiate TLS";
+                                $iil_errornum = -2;
+                                return false;
+                        }
+                        
+                        // Now we're authenticated, capabilities need to be reread
+                        iil_C_ClearCapability($conn);
+                }
+        }
 
         if (strcasecmp($auth_method, "check") == 0) {