[Web] Fixes TLSA for self-signed certs, closes #997
parent
0e7cd4eeeb
commit
3feabe00a2
|
@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
|
|||
foreach(mailbox('get', 'domains') as $dn) {
|
||||
$domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
|
||||
}
|
||||
|
||||
if (isset($_GET['domain'])) {
|
||||
if (is_valid_domain_name($_GET['domain'])) {
|
||||
if (in_array($_GET['domain'], $domains)) {
|
||||
$domain = $_GET['domain'];
|
||||
}
|
||||
else {
|
||||
echo "No such domain in context";
|
||||
die();
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo "Invalid domain name";
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
// if (isset($_GET['domain'])) {
|
||||
// if (is_valid_domain_name($_GET['domain'])) {
|
||||
// if (in_array($_GET['domain'], $domains)) {
|
||||
// }
|
||||
// else {
|
||||
// echo "No such domain in context";
|
||||
// die();
|
||||
// }
|
||||
// }
|
||||
// else {
|
||||
// echo "Invalid domain name";
|
||||
// die();
|
||||
// }
|
||||
// }
|
||||
|
||||
$ch = curl_init('http://ip4.mailcow.email');
|
||||
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
||||
|
|
|
@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
|
|||
return "Not a valid hostname";
|
||||
}
|
||||
if (empty($starttls)) {
|
||||
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true)));
|
||||
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
|
||||
$stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
|
||||
if (!$stream) {
|
||||
$error_msg = isset($error_msg) ? $error_msg : '-';
|
||||
|
@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
|
|||
stream_set_blocking($stream, true);
|
||||
stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
|
||||
stream_context_set_option($stream, 'ssl', 'verify_peer', false);
|
||||
stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
|
||||
stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
|
||||
stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
|
||||
stream_set_blocking($stream, false);
|
||||
|
|
Loading…
Reference in New Issue