From 32f3ddca7061c7584508dd09e4b1226b8aae1aca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Thu, 30 Mar 2017 08:33:04 +0200 Subject: [ticket/15150] Add Jabber SSL context configuration options PHPBB3-15150 --- phpBB/includes/acp/acp_jabber.php | 25 +++++++++++++++++-------- phpBB/includes/functions_jabber.php | 33 ++++++++++++++++++++++++++++----- phpBB/includes/functions_messenger.php | 4 ++-- 3 files changed, 47 insertions(+), 15 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php index a482b41e1d..3b958c0ea1 100644 --- a/phpBB/includes/acp/acp_jabber.php +++ b/phpBB/includes/acp/acp_jabber.php @@ -50,13 +50,16 @@ class acp_jabber $this->tpl_name = 'acp_jabber'; $this->page_title = 'ACP_JABBER_SETTINGS'; - $jab_enable = request_var('jab_enable', (bool) $config['jab_enable']); - $jab_host = request_var('jab_host', (string) $config['jab_host']); - $jab_port = request_var('jab_port', (int) $config['jab_port']); - $jab_username = request_var('jab_username', (string) $config['jab_username']); - $jab_password = request_var('jab_password', (string) $config['jab_password']); - $jab_package_size = request_var('jab_package_size', (int) $config['jab_package_size']); - $jab_use_ssl = request_var('jab_use_ssl', (bool) $config['jab_use_ssl']); + $jab_enable = request_var('jab_enable', (bool) $config['jab_enable']); + $jab_host = request_var('jab_host', (string) $config['jab_host']); + $jab_port = request_var('jab_port', (int) $config['jab_port']); + $jab_username = request_var('jab_username', (string) $config['jab_username']); + $jab_password = request_var('jab_password', (string) $config['jab_password']); + $jab_package_size = request_var('jab_package_size', (int) $config['jab_package_size']); + $jab_use_ssl = request_var('jab_use_ssl', (bool) $config['jab_use_ssl']); + $jab_verify_peer = request_var('jab_verify_peer', (bool) $config['jab_verify_peer']); + $jab_verify_peer_name = request_var('jab_verify_peer_name', (bool) $config['jab_verify_peer_name']); + $jab_allow_self_signed = request_var('jab_allow_self_signed', (bool) $config['jab_allow_self_signed']); $form_name = 'acp_jabber'; add_form_key($form_name); @@ -76,7 +79,7 @@ class acp_jabber // Is this feature enabled? Then try to establish a connection if ($jab_enable) { - $jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl); + $jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl, $jab_verify_peer, $jab_verify_peer_name, $jab_allow_self_signed); if (!$jabber->connect()) { @@ -116,6 +119,9 @@ class acp_jabber } set_config('jab_package_size', $jab_package_size); set_config('jab_use_ssl', $jab_use_ssl); + set_config('jab_verify_peer', $jab_verify_peer); + set_config('jab_verify_peer_name', $jab_verify_peer_name); + set_config('jab_allow_self_signed', $jab_allow_self_signed); add_log('admin', 'LOG_' . $log); trigger_error($message . adm_back_link($this->u_action)); @@ -131,6 +137,9 @@ class acp_jabber 'JAB_PASSWORD' => $jab_password !== '' ? '********' : '', 'JAB_PACKAGE_SIZE' => $jab_package_size, 'JAB_USE_SSL' => $jab_use_ssl, + 'JAB_VERIFY_PEER' => $jab_verify_peer, + 'JAB_VERIFY_PEER_NAME' => $jab_verify_peer_name, + 'JAB_ALLOW_SELF_SIGNED' => $jab_allow_self_signed, 'S_CAN_USE_SSL' => jabber::can_use_ssl(), 'S_GTALK_NOTE' => (!@function_exists('dns_get_record')) ? true : false, )); diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index bd2e9e93ac..a4fbc90d57 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -41,6 +41,9 @@ class jabber var $username; var $password; var $use_ssl; + var $verify_peer; + var $verify_peer_name; + var $allow_self_signed; var $resource = 'functions_jabber.phpbb.php'; var $enable_logging; @@ -50,7 +53,7 @@ class jabber /** */ - function jabber($server, $port, $username, $password, $use_ssl = false) + function jabber($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) { $this->connect_server = ($server) ? $server : 'localhost'; $this->port = ($port) ? $port : 5222; @@ -71,6 +74,9 @@ class jabber $this->password = $password; $this->use_ssl = ($use_ssl && self::can_use_ssl()) ? true : false; + $this->verify_peer = $verify_peer; + $this->verify_peer_name = $verify_peer_name; + $this->allow_self_signed = $allow_self_signed; // Change port if we use SSL if ($this->port == 5222 && $this->use_ssl) @@ -139,7 +145,7 @@ class jabber $this->session['ssl'] = $this->use_ssl; - if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl)) + if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl, $this->verify_peer, $this->verify_peer_name, $this->allow_self_signed)) { $this->send("\n"); $this->send("\n"); @@ -227,10 +233,13 @@ class jabber * @param string $server host to connect to * @param int $port port number * @param bool $use_ssl use ssl or not + * @param bool $verify_peer verify ssl certificate + * @param bool $verify_peer_name verify peer name + * @param bool $allow_self_signed allow self-signed ssl certificates * @access public * @return bool */ - function open_socket($server, $port, $use_ssl = false) + function open_socket($server, $port, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) { if (@function_exists('dns_get_record')) { @@ -241,9 +250,23 @@ class jabber } } - $server = $use_ssl ? 'ssl://' . $server : $server; + $options = array(); - if ($this->connection = @fsockopen($server, $port, $errorno, $errorstr, $this->timeout)) + if ($use_ssl) + { + $remote_socket = 'ssl://' . $server . ':' . $port; + + // Set ssl context options, see http://php.net/manual/en/context.ssl.php + $options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed); + } + else + { + $remote_socket = $server . ':' . $port; + } + + $socket_context = stream_context_create($options); + + if ($this->connection = stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context)) { socket_set_blocking($this->connection, 0); socket_set_timeout($this->connection, 60); diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index a6e4cb0679..799b687493 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -625,7 +625,7 @@ class messenger if (!$use_queue) { include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); - $this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']); + $this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']); if (!$this->jabber->connect()) { @@ -800,7 +800,7 @@ class queue } include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); - $this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']); + $this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']); if (!$this->jabber->connect()) { -- cgit v1.2.1 From 4147c388380ab872b4e0ba080fa019a5a4731302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Sun, 2 Apr 2017 15:17:31 +0200 Subject: [ticket/15150] Hide errors if function stream_socket_client have been disabled PHPBB3-15150 --- phpBB/includes/functions_jabber.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index a4fbc90d57..0ef4797886 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -266,7 +266,7 @@ class jabber $socket_context = stream_context_create($options); - if ($this->connection = stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context)) + if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context)) { socket_set_blocking($this->connection, 0); socket_set_timeout($this->connection, 60); -- cgit v1.2.1 From 43731202fd22b697ce8520fb88b9cc707c5f479d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Sun, 2 Apr 2017 15:20:49 +0200 Subject: [ticket/15150] Hide errors if function stream_socket_client have been disabled PHPBB3-15150 --- phpBB/includes/functions_messenger.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 799b687493..9dbf9d5ef9 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -1057,7 +1057,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false) $options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed); $socket_context = stream_context_create($options); - $smtp->socket = stream_socket_client($remote_socket, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $socket_context); + $smtp->socket = @stream_socket_client($remote_socket, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $socket_context); $collector->uninstall(); $error_contents = $collector->format_errors(); -- cgit v1.2.1 From d44dde390ac646dcc22aa3266d409be3cbbb2001 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Tue, 4 Apr 2017 14:08:23 +0200 Subject: [ticket/15150] Remove default values for arguments PHPBB3-15150 --- phpBB/includes/functions_jabber.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index 0ef4797886..842910a023 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -239,7 +239,7 @@ class jabber * @access public * @return bool */ - function open_socket($server, $port, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) + function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed) { if (@function_exists('dns_get_record')) { -- cgit v1.2.1 From eadd5851d00e7af813b9175e3ae4ccbe5b7ec58d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Tue, 4 Apr 2017 14:14:48 +0200 Subject: [ticket/15150] Use stream_* functions instead of socket_* functions PHPBB3-15150 --- phpBB/includes/functions_jabber.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index 842910a023..0479e102ac 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -102,7 +102,7 @@ class jabber */ static public function can_use_tls() { - if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers')) + if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('stream_set_blocking') || !function_exists('stream_get_wrappers')) { return false; } @@ -268,8 +268,8 @@ class jabber if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context)) { - socket_set_blocking($this->connection, 0); - socket_set_timeout($this->connection, 60); + stream_set_blocking($this->connection, 0); + stream_set_timeout($this->connection, 60); return true; } @@ -586,7 +586,7 @@ class jabber case 'proceed': // continue switching to TLS $meta = stream_get_meta_data($this->connection); - socket_set_blocking($this->connection, 1); + stream_set_blocking($this->connection, 1); if (!stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { @@ -594,7 +594,7 @@ class jabber return false; } - socket_set_blocking($this->connection, $meta['blocked']); + stream_set_blocking($this->connection, $meta['blocked']); $this->session['tls'] = true; // new stream -- cgit v1.2.1 From 601ffba0cf59bf3a0d5414d775f6c586f26e4952 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Tue, 4 Apr 2017 14:25:57 +0200 Subject: [ticket/15150] Use php5 constructor PHPBB3-15150 --- phpBB/includes/functions_jabber.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index 0479e102ac..68d58bc3b9 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -50,10 +50,20 @@ class jabber var $log_array; var $features = array(); - + /** + * Constructor + * + * @param string $server Jabber server + * @param int $port Jabber server port + * @param string $username Jabber username or JID + * @param string $password Jabber password + * @param boold $use_ssl Use ssl + * @param bool $verify_peer Verify SSL certificate + * @param bool $verify_peer_name Verify Jabber peer name + * @param bool $allow_self_signed Allow self signed certificates */ - function jabber($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) + function __construct($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) { $this->connect_server = ($server) ? $server : 'localhost'; $this->port = ($port) ? $port : 5222; @@ -88,6 +98,14 @@ class jabber $this->log_array = array(); } + /** + * Old style constructor (for compatibility, possibly it isn't nessesary) + */ + function jabber($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) + { + $this->__construct($server, $port, $username, $password, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed); + } + /** * Able to use the SSL functionality? */ -- cgit v1.2.1 From d0540eea52e30410bfefb51a0a64231d347fb101 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Tue, 4 Apr 2017 14:28:03 +0200 Subject: [ticket/15150] Remove empty space PHPBB3-15150 --- phpBB/includes/functions_jabber.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index 68d58bc3b9..a415d89e27 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -50,7 +50,7 @@ class jabber var $log_array; var $features = array(); - + /** * Constructor * -- cgit v1.2.1 From 4efcfc2477da2b301492836300d5b529465f2216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Mon, 17 Apr 2017 03:08:00 +0200 Subject: [ticket/15150] Remove php4 constructor PHPBB-15150 --- phpBB/includes/functions_jabber.php | 8 -------- 1 file changed, 8 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index a415d89e27..c9ec6fea61 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -98,14 +98,6 @@ class jabber $this->log_array = array(); } - /** - * Old style constructor (for compatibility, possibly it isn't nessesary) - */ - function jabber($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false) - { - $this->__construct($server, $port, $username, $password, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed); - } - /** * Able to use the SSL functionality? */ -- cgit v1.2.1