aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions_jabber.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions_jabber.php')
-rw-r--r--phpBB/includes/functions_jabber.php53
1 files changed, 43 insertions, 10 deletions
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index bd2e9e93ac..c9ec6fea61 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -41,6 +41,9 @@ class jabber
var $username;
var $password;
var $use_ssl;
+ var $verify_peer;
+ var $verify_peer_name;
+ var $allow_self_signed;
var $resource = 'functions_jabber.phpbb.php';
var $enable_logging;
@@ -49,8 +52,18 @@ class jabber
var $features = array();
/**
+ * Constructor
+ *
+ * @param string $server Jabber server
+ * @param int $port Jabber server port
+ * @param string $username Jabber username or JID
+ * @param string $password Jabber password
+ * @param boold $use_ssl Use ssl
+ * @param bool $verify_peer Verify SSL certificate
+ * @param bool $verify_peer_name Verify Jabber peer name
+ * @param bool $allow_self_signed Allow self signed certificates
*/
- function jabber($server, $port, $username, $password, $use_ssl = false)
+ function __construct($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false)
{
$this->connect_server = ($server) ? $server : 'localhost';
$this->port = ($port) ? $port : 5222;
@@ -71,6 +84,9 @@ class jabber
$this->password = $password;
$this->use_ssl = ($use_ssl && self::can_use_ssl()) ? true : false;
+ $this->verify_peer = $verify_peer;
+ $this->verify_peer_name = $verify_peer_name;
+ $this->allow_self_signed = $allow_self_signed;
// Change port if we use SSL
if ($this->port == 5222 && $this->use_ssl)
@@ -96,7 +112,7 @@ class jabber
*/
static public function can_use_tls()
{
- if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
+ if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('stream_set_blocking') || !function_exists('stream_get_wrappers'))
{
return false;
}
@@ -139,7 +155,7 @@ class jabber
$this->session['ssl'] = $this->use_ssl;
- if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
+ if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl, $this->verify_peer, $this->verify_peer_name, $this->allow_self_signed))
{
$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@@ -227,10 +243,13 @@ class jabber
* @param string $server host to connect to
* @param int $port port number
* @param bool $use_ssl use ssl or not
+ * @param bool $verify_peer verify ssl certificate
+ * @param bool $verify_peer_name verify peer name
+ * @param bool $allow_self_signed allow self-signed ssl certificates
* @access public
* @return bool
*/
- function open_socket($server, $port, $use_ssl = false)
+ function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed)
{
if (@function_exists('dns_get_record'))
{
@@ -241,12 +260,26 @@ class jabber
}
}
- $server = $use_ssl ? 'ssl://' . $server : $server;
+ $options = array();
- if ($this->connection = @fsockopen($server, $port, $errorno, $errorstr, $this->timeout))
+ if ($use_ssl)
{
- socket_set_blocking($this->connection, 0);
- socket_set_timeout($this->connection, 60);
+ $remote_socket = 'ssl://' . $server . ':' . $port;
+
+ // Set ssl context options, see http://php.net/manual/en/context.ssl.php
+ $options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+ }
+ else
+ {
+ $remote_socket = $server . ':' . $port;
+ }
+
+ $socket_context = stream_context_create($options);
+
+ if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context))
+ {
+ stream_set_blocking($this->connection, 0);
+ stream_set_timeout($this->connection, 60);
return true;
}
@@ -563,7 +596,7 @@ class jabber
case 'proceed':
// continue switching to TLS
$meta = stream_get_meta_data($this->connection);
- socket_set_blocking($this->connection, 1);
+ stream_set_blocking($this->connection, 1);
if (!stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
{
@@ -571,7 +604,7 @@ class jabber
return false;
}
- socket_set_blocking($this->connection, $meta['blocked']);
+ stream_set_blocking($this->connection, $meta['blocked']);
$this->session['tls'] = true;
// new stream
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-22 07:53:28 +0000