Diffstat (limited to 'phpBB/includes/functions_jabber.php')
| -rw-r--r-- | phpBB/includes/functions_jabber.php | 53 | 
1 files changed, 43 insertions, 10 deletions
| diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index bd2e9e93ac..c9ec6fea61 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -41,6 +41,9 @@ class jabber
 	var $username;
 	var $password;
 	var $use_ssl;
+	var $verify_peer;
+	var $verify_peer_name;
+	var $allow_self_signed;
 	var $resource = 'functions_jabber.phpbb.php';
 	var $enable_logging;
@@ -49,8 +52,18 @@ class jabber
 	var $features = array();
 	/**
+	* Constructor
+	*
+	* @param string $server Jabber server
+	* @param int $port Jabber server port
+	* @param string $username Jabber username or JID
+	* @param string $password Jabber password
+	* @param boold $use_ssl Use ssl
+	* @param bool $verify_peer Verify SSL certificate
+	* @param bool $verify_peer_name Verify Jabber peer name
+	* @param bool $allow_self_signed Allow self signed certificates
 	*/
-	function jabber($server, $port, $username, $password, $use_ssl = false)
+	function __construct($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false)
 	{
 		$this->connect_server		= ($server) ? $server : 'localhost';
 		$this->port					= ($port) ? $port : 5222;
@@ -71,6 +84,9 @@ class jabber
 		$this->password				= $password;
 		$this->use_ssl				= ($use_ssl && self::can_use_ssl()) ? true : false;
+		$this->verify_peer			= $verify_peer;
+		$this->verify_peer_name		= $verify_peer_name;
+		$this->allow_self_signed	= $allow_self_signed;
 		// Change port if we use SSL
 		if ($this->port == 5222 && $this->use_ssl)
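Review bot: The three new flags in the `@@ -49,8` and `@@ -71,6` hunks are stored exactly as passed, while `$use_ssl` beside them is normalised to a strict boolean, so a null or empty value handed in by a caller quietly switches certificate verification off. Casting at assignment, e.g. `$this->verify_peer = (bool) $verify_peer;`, at least makes the stored type predictable, and the call site (not visible here) should be checked to pass an explicit value rather than a possibly unset config entry. The docblock also carries a typo, `@param boold $use_ssl` should read `@param bool $use_ssl`, and the `$verify_peer_name` line would be clearer if it said which host name the certificate is matched against. The constructor body runs past both hunks.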
@@ -96,7 +112,7 @@ class jabber
 	*/
 	static public function can_use_tls()
 	{
-		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
+		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('stream_set_blocking') || !function_exists('stream_get_wrappers'))
 		{
 			return false;
 		}
@@ -139,7 +155,7 @@ class jabber
 		$this->session['ssl'] = $this->use_ssl;
-		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
+		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl, $this->verify_peer, $this->verify_peer_name, $this->allow_self_signed))
 		{
 			$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
 			$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@@ -227,10 +243,13 @@ class jabber
 	* @param string $server host to connect to
 	* @param int $port port number
 	* @param bool $use_ssl use ssl or not
+	* @param bool $verify_peer verify ssl certificate
+	* @param bool $verify_peer_name verify peer name
+	* @param bool $allow_self_signed allow self-signed ssl certificates
 	* @access public
 	* @return bool
 	*/
-	function open_socket($server, $port, $use_ssl = false)
+	function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed)
 	{
 		if (@function_exists('dns_get_record'))
 		{
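Review bot: `open_socket()` is documented `@access public`, yet the new signature in the `@@ -227,10` hunk drops the default for `$use_ssl` and adds three required arguments, so any caller outside this file that still passes two or three arguments breaks. On PHP versions that only warn about missing arguments the flags would arrive as null, which presumably leaves verification disabled rather than enabled. Keeping secure defaults avoids both problems: `function open_socket($server, $port, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false)`. The function body continues past the end of this hunk.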
@@ -241,12 +260,26 @@ class jabber
 			}
 		}
-		$server = $use_ssl ? 'ssl://' . $server : $server;
+		$options = array();
-		if ($this->connection = @fsockopen($server, $port, $errorno, $errorstr, $this->timeout))
+		if ($use_ssl)
 		{
-			socket_set_blocking($this->connection, 0);
-			socket_set_timeout($this->connection, 60);
+			$remote_socket = 'ssl://' . $server . ':' . $port;
+
+			// Set ssl context options, see http://php.net/manual/en/context.ssl.php
+			$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+		}
+		else
+		{
+			$remote_socket = $server . ':' . $port;
+		}
+
+		$socket_context = stream_context_create($options);
+
+		if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context))
+		{
+			stream_set_blocking($this->connection, 0);
+			stream_set_timeout($this->connection, 60);
 			return true;
 		}
@@ -563,7 +596,7 @@ class jabber
 			case 'proceed':
 				// continue switching to TLS
 				$meta = stream_get_meta_data($this->connection);
-				socket_set_blocking($this->connection, 1);
+				stream_set_blocking($this->connection, 1);
 				if (!stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
 				{
@@ -571,7 +604,7 @@ class jabber
 					return false;
 				}
-				socket_set_blocking($this->connection, $meta['blocked']);
+				stream_set_blocking($this->connection, $meta['blocked']);
 				$this->session['tls'] = true;
 				// new stream |
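Review bot: The verification options reach the stream context only inside `if ($use_ssl)` in the `@@ -241,12` hunk, so a plaintext connection that is later upgraded in the `proceed` branch (hunk `@@ -563,7`, `stream_socket_enable_crypto()`) carries an empty context and falls back to PHP's built-in defaults instead of the configured flags; on PHP releases before 5.6 that default does not verify the peer at all. Building the array unconditionally, before the `if`, covers both paths: `$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);`. Separately, `$server` may have been replaced by the `dns_get_record` lookup that starts above this hunk (its body is not visible), in which case the name check runs against a DNS-supplied host. Setting the `peer_name` context option to the XMPP domain (apparently `$this->server`, which is used in the stream `to=` attribute) would pin the expected name, to be confirmed against the rest of the class.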
