7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fixes TLSA for self-signed certs, closes #997

Browse Source
This commit is contained in:
andre.peters
2018-02-03 19:13:15 +01:00
parent 0e7cd4eeeb
commit 3feabe00a2
2 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/web/inc/functions.inc.php
View File

@@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
return "Not a valid hostname";
}
if (empty($starttls)) {
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true)));
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
$stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
if (!$stream) {
$error_msg = isset($error_msg) ? $error_msg : '-';
@@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
stream_set_blocking($stream, true);
stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
stream_context_set_option($stream, 'ssl', 'verify_peer', false);
stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
stream_set_blocking($stream, false);