Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Web] Fixes TLSA for self-signed certs, closes #997

Browse Source
This commit is contained in:
andre.peters 2018-02-03 19:13:15 +01:00
parent 0e7cd4eeeb
commit 3feabe00a2
2 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
data/web/inc/ajax/dns_diagnostics.php
View File

@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
foreach(mailbox('get', 'domains') as $dn) { foreach(mailbox('get', 'domains') as $dn) {
$domains = array_merge($domains, mailbox('get', 'alias_domains', $dn)); $domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
} }
if (isset($_GET['domain'])) {
if (is_valid_domain_name($_GET['domain'])) {
if (in_array($_GET['domain'], $domains)) {
$domain = $_GET['domain']; $domain = $_GET['domain'];
}
else { // if (isset($_GET['domain'])) {
echo "No such domain in context"; // if (is_valid_domain_name($_GET['domain'])) {
die(); // if (in_array($_GET['domain'], $domains)) {
} // }
} // else {
else { // echo "No such domain in context";
echo "Invalid domain name"; // die();
die(); // }
} // }
} // else {
// echo "Invalid domain name";
// die();
// }
// }
$ch = curl_init('http://ip4.mailcow.email'); $ch = curl_init('http://ip4.mailcow.email');
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);

3
data/web/inc/functions.inc.php
View File

@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
return "Not a valid hostname"; return "Not a valid hostname";
} }
if (empty($starttls)) { if (empty($starttls)) {
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true))); $context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
$stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context); $stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
if (!$stream) { if (!$stream) {
$error_msg = isset($error_msg) ? $error_msg : '-'; $error_msg = isset($error_msg) ? $error_msg : '-';
@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
stream_set_blocking($stream, true); stream_set_blocking($stream, true);
stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true); stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
stream_context_set_option($stream, 'ssl', 'verify_peer', false); stream_context_set_option($stream, 'ssl', 'verify_peer', false);
stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
stream_context_set_option($stream, 'ssl', 'allow_self_signed', true); stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT); stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
stream_set_blocking($stream, false); stream_set_blocking($stream, false);