Permalink
Browse files

- Support STARTTLS in IMAP connection (#1485284)

  • Loading branch information...
alecpl committed Apr 14, 2009
1 parent 58c9dd7 commit f86e8f5faa0fb5926001f2dccd970e031e7cb59a
Showing with 42 additions and 10 deletions.
  1. +1 −0 CHANGELOG
  2. +1 −1 config/main.inc.php.dist
  3. +6 −4 program/include/rcmail.php
  4. +34 −5 program/lib/imap.inc
View
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
+- Support STARTTLS in IMAP connection (#1485284)
- Fix DEL key problem in search boxes (#1485528)
- Support several e-mail addresses per user from virtuser_file (#1485678)
- Fix drag&drop with scrolling on IE (#1485786)
View
@@ -51,7 +51,7 @@ $rcmail_config['auto_create_user'] = TRUE;
// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
-// To use SSL connection, enter ssl://hostname:993
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
$rcmail_config['default_host'] = '';
// TCP port used for IMAP connections
View
@@ -436,11 +436,13 @@ function login($username, $pass, $host=NULL)
if ($a_host['host']) {
$host = $a_host['host'];
$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null;
- $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $config['default_port']);
+ if(!empty($a_host['port']))
+ $imap_port = $a_host['port'];
+ else if ($imap_ssl && $imap_ssl != 'tls')
+ $imap_port = 993;
}
- else
- $imap_port = $config['default_port'];
-
+
+ $imap_port = $imap_port ? $imap_port : $config['default_port'];
/* Modify username with domain if required
Inspired by Marco <P0L0_notspam_binware.org>
View
@@ -335,6 +335,7 @@ function iil_StartsWithI($string, $match, $bye=false) {
}
if ($bye && strncmp($string, '* BYE ', 6) == 0) {
return true;
+
}
return false;
}
@@ -383,6 +384,12 @@ function iil_C_GetCapability(&$conn, $name)
return false;
}
+function iil_C_ClearCapability(&$conn)
+{
+ $conn->capability = array();
+ $conn->capability_readed = false;
+}
+
function iil_C_Authenticate(&$conn, $user, $pass, $encChallenge) {
$ipad = '';
@@ -564,7 +571,7 @@ function iil_Connect($host, $user, $password, $options=null) {
$result = false;
- //initialize connection
+ // initialize connection
$conn = new iilConnection;
$conn->error = '';
$conn->errorNum = 0;
@@ -598,16 +605,15 @@ function iil_Connect($host, $user, $password, $options=null) {
$iil_errornum = -1;
return false;
}
+
if (!$ICL_PORT) {
$ICL_PORT = 143;
}
-
//check for SSL
- if ($ICL_SSL) {
+ if ($ICL_SSL && $ICL_SSL != 'tls') {
$host = $ICL_SSL . '://' . $host;
}
-
- //open socket connection
+
$conn->fp = fsockopen($host, $ICL_PORT, $errno, $errstr, 10);
if (!$conn->fp) {
$iil_error = "Could not connect to $host at port $ICL_PORT: $errstr";
@@ -625,6 +631,29 @@ function iil_Connect($host, $user, $password, $options=null) {
$conn->message .= $line;
+ // TLS connection
+ if ($ICL_SSL == 'tls' && iil_C_GetCapability($conn, 'STARTTLS')) {
+ if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
+ iil_PutLine($conn->fp, 'stls000 STARTTLS');
+
+ $line = iil_ReadLine($conn->fp, 4096);
+ if (!iil_StartsWith($line, 'stls000 OK')) {
+ $iil_error = "Server responded to STARTTLS with: $line";
+ $iil_errornum = -2;
+ return false;
+ }
+
+ if (!stream_socket_enable_crypto($conn->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+ $iil_error = "Unable to negotiate TLS";
+ $iil_errornum = -2;
+ return false;
+ }
+
+ // Now we're authenticated, capabilities need to be reread
+ iil_C_ClearCapability($conn);
+ }
+ }
+
if (strcasecmp($auth_method, "check") == 0) {
//check for supported auth methods
if (iil_C_GetCapability($conn, 'AUTH=CRAM-MD5') || iil_C_GetCapability($conn, 'AUTH=CRAM_MD5')) {

0 comments on commit f86e8f5

Please sign in to comment.