Merge pull request #4784 from rubencm/ticket/15150

[ticket/15150] Add Jabber SSL context configuration options
author: Marc Alexander <admin@m-a-styles.de> 2017-06-05 11:00:38 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2017-06-05 11:00:38 +0200
commit: a6939fcb8ec09b98a4593bb472499bbc5c20d12e (patch)
tree: a7f649b1719c0d9a23f5d328292a304abeeddf0b /phpBB/includes
parent: fb29d79bc111c397aa98466d3579fea3c70cacc6 (diff)
parent: 4efcfc2477da2b301492836300d5b529465f2216 (diff)
download: forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar
forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.gz
forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.bz2
forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.xz
forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.zip
3 files changed, 63 insertions, 21 deletions
diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php
index a482b41e1d..3b958c0ea1 100644
--- a/phpBB/includes/acp/acp_jabber.php
+++ b/phpBB/includes/acp/acp_jabber.php
@@ -50,13 +50,16 @@ class acp_jabber
 		$this->tpl_name = 'acp_jabber';
 		$this->page_title = 'ACP_JABBER_SETTINGS';
 
-		$jab_enable			= request_var('jab_enable',			(bool) $config['jab_enable']);
-		$jab_host			= request_var('jab_host',			(string) $config['jab_host']);
-		$jab_port			= request_var('jab_port',			(int) $config['jab_port']);
-		$jab_username		= request_var('jab_username',		(string) $config['jab_username']);
-		$jab_password		= request_var('jab_password',		(string) $config['jab_password']);
-		$jab_package_size	= request_var('jab_package_size',	(int) $config['jab_package_size']);
-		$jab_use_ssl		= request_var('jab_use_ssl',		(bool) $config['jab_use_ssl']);
+		$jab_enable				= request_var('jab_enable',				(bool) $config['jab_enable']);
+		$jab_host				= request_var('jab_host',				(string) $config['jab_host']);
+		$jab_port				= request_var('jab_port',				(int) $config['jab_port']);
+		$jab_username			= request_var('jab_username',			(string) $config['jab_username']);
+		$jab_password			= request_var('jab_password',			(string) $config['jab_password']);
+		$jab_package_size		= request_var('jab_package_size',		(int) $config['jab_package_size']);
+		$jab_use_ssl			= request_var('jab_use_ssl',			(bool) $config['jab_use_ssl']);
+		$jab_verify_peer		= request_var('jab_verify_peer',		(bool) $config['jab_verify_peer']);
+		$jab_verify_peer_name	= request_var('jab_verify_peer_name',	(bool) $config['jab_verify_peer_name']);
+		$jab_allow_self_signed	= request_var('jab_allow_self_signed',	(bool) $config['jab_allow_self_signed']);
 
 		$form_name = 'acp_jabber';
 		add_form_key($form_name);
@@ -76,7 +79,7 @@ class acp_jabber
 			// Is this feature enabled? Then try to establish a connection
 			if ($jab_enable)
 			{
-				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl);
+				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl, $jab_verify_peer, $jab_verify_peer_name, $jab_allow_self_signed);
 
 				if (!$jabber->connect())
 				{
@@ -116,6 +119,9 @@ class acp_jabber
 			}
 			set_config('jab_package_size', $jab_package_size);
 			set_config('jab_use_ssl', $jab_use_ssl);
+			set_config('jab_verify_peer', $jab_verify_peer);
+			set_config('jab_verify_peer_name', $jab_verify_peer_name);
+			set_config('jab_allow_self_signed', $jab_allow_self_signed);
 
 			add_log('admin', 'LOG_' . $log);
 			trigger_error($message . adm_back_link($this->u_action));
@@ -131,6 +137,9 @@ class acp_jabber
 			'JAB_PASSWORD'			=> $jab_password !== '' ? '********' : '',
 			'JAB_PACKAGE_SIZE'		=> $jab_package_size,
 			'JAB_USE_SSL'			=> $jab_use_ssl,
+			'JAB_VERIFY_PEER'		=> $jab_verify_peer,
+			'JAB_VERIFY_PEER_NAME'	=> $jab_verify_peer_name,
+			'JAB_ALLOW_SELF_SIGNED'	=> $jab_allow_self_signed,
 			'S_CAN_USE_SSL'			=> jabber::can_use_ssl(),
 			'S_GTALK_NOTE'			=> (!@function_exists('dns_get_record')) ? true : false,
 		));
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index bd2e9e93ac..c9ec6fea61 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -41,6 +41,9 @@ class jabber
 	var $username;
 	var $password;
 	var $use_ssl;
+	var $verify_peer;
+	var $verify_peer_name;
+	var $allow_self_signed;
 	var $resource = 'functions_jabber.phpbb.php';
 
 	var $enable_logging;
@@ -49,8 +52,18 @@ class jabber
 	var $features = array();
 
 	/**
+	* Constructor
+	*
+	* @param string $server Jabber server
+	* @param int $port Jabber server port
+	* @param string $username Jabber username or JID
+	* @param string $password Jabber password
+	* @param boold $use_ssl Use ssl
+	* @param bool $verify_peer Verify SSL certificate
+	* @param bool $verify_peer_name Verify Jabber peer name
+	* @param bool $allow_self_signed Allow self signed certificates
 	*/
-	function jabber($server, $port, $username, $password, $use_ssl = false)
+	function __construct($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false)
 	{
 		$this->connect_server		= ($server) ? $server : 'localhost';
 		$this->port					= ($port) ? $port : 5222;
@@ -71,6 +84,9 @@ class jabber
 
 		$this->password				= $password;
 		$this->use_ssl				= ($use_ssl && self::can_use_ssl()) ? true : false;
+		$this->verify_peer			= $verify_peer;
+		$this->verify_peer_name		= $verify_peer_name;
+		$this->allow_self_signed	= $allow_self_signed;
 
 		// Change port if we use SSL
 		if ($this->port == 5222 && $this->use_ssl)
@@ -96,7 +112,7 @@ class jabber
 	*/
 	static public function can_use_tls()
 	{
-		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
+		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('stream_set_blocking') || !function_exists('stream_get_wrappers'))
 		{
 			return false;
 		}
@@ -139,7 +155,7 @@ class jabber
 
 		$this->session['ssl'] = $this->use_ssl;
 
-		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
+		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl, $this->verify_peer, $this->verify_peer_name, $this->allow_self_signed))
 		{
 			$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
 			$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@@ -227,10 +243,13 @@ class jabber
 	* @param string $server host to connect to
 	* @param int $port port number
 	* @param bool $use_ssl use ssl or not
+	* @param bool $verify_peer verify ssl certificate
+	* @param bool $verify_peer_name verify peer name
+	* @param bool $allow_self_signed allow self-signed ssl certificates
 	* @access public
 	* @return bool
 	*/
-	function open_socket($server, $port, $use_ssl = false)
+	function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed)
 	{
 		if (@function_exists('dns_get_record'))
 		{
@@ -241,12 +260,26 @@ class jabber
 			}
 		}
 
-		$server = $use_ssl ? 'ssl://' . $server : $server;
+		$options = array();
 
-		if ($this->connection = @fsockopen($server, $port, $errorno, $errorstr, $this->timeout))
+		if ($use_ssl)
 		{
-			socket_set_blocking($this->connection, 0);
-			socket_set_timeout($this->connection, 60);
+			$remote_socket = 'ssl://' . $server . ':' . $port;
+
+			// Set ssl context options, see http://php.net/manual/en/context.ssl.php
+			$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+		}
+		else
+		{
+			$remote_socket = $server . ':' . $port;
+		}
+
+		$socket_context = stream_context_create($options);
+
+		if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context))
+		{
+			stream_set_blocking($this->connection, 0);
+			stream_set_timeout($this->connection, 60);
 
 			return true;
 		}
@@ -563,7 +596,7 @@ class jabber
 			case 'proceed':
 				// continue switching to TLS
 				$meta = stream_get_meta_data($this->connection);
-				socket_set_blocking($this->connection, 1);
+				stream_set_blocking($this->connection, 1);
 
 				if (!stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
 				{
@@ -571,7 +604,7 @@ class jabber
 					return false;
 				}
 
-				socket_set_blocking($this->connection, $meta['blocked']);
+				stream_set_blocking($this->connection, $meta['blocked']);
 				$this->session['tls'] = true;
 
 				// new stream
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index a6e4cb0679..9dbf9d5ef9 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -625,7 +625,7 @@ class messenger
 		if (!$use_queue)
 		{
 			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);
+			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 			if (!$this->jabber->connect())
 			{
@@ -800,7 +800,7 @@ class queue
 					}
 
 					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);
+					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 					if (!$this->jabber->connect())
 					{
@@ -1057,7 +1057,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
 	$socket_context = stream_context_create($options);
 
-	$smtp->socket = stream_socket_client($remote_socket, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $socket_context);
+	$smtp->socket = @stream_socket_client($remote_socket, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $socket_context);
 	$collector->uninstall();
 	$error_contents = $collector->format_errors();
author	Marc Alexander <admin@m-a-styles.de>	2017-06-05 11:00:38 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2017-06-05 11:00:38 +0200
commit	a6939fcb8ec09b98a4593bb472499bbc5c20d12e (patch)
tree	a7f649b1719c0d9a23f5d328292a304abeeddf0b /phpBB/includes
parent	fb29d79bc111c397aa98466d3579fea3c70cacc6 (diff)
parent	4efcfc2477da2b301492836300d5b529465f2216 (diff)
download	forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.gz forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.bz2 forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.tar.xz forums-a6939fcb8ec09b98a4593bb472499bbc5c20d12e.zip