paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fixes TLSA for self-signed certs, closes #997

master
andre.peters 2018-02-03 19:13:15 +01:00
parent 0e7cd4eeeb
commit 3feabe00a2
2 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
data/web/inc/ajax/dns_diagnostics.php
View File

@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
foreach(mailbox('get', 'domains') as $dn) {
$domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
}
if (isset($_GET['domain'])) {
if (is_valid_domain_name($_GET['domain'])) {
if (in_array($_GET['domain'], $domains)) {
$domain = $_GET['domain'];
}
else {
echo "No such domain in context";
die();
}
}
else {
echo "Invalid domain name";
die();
}
}
// if (isset($_GET['domain'])) {
// if (is_valid_domain_name($_GET['domain'])) {
// if (in_array($_GET['domain'], $domains)) {
// }
// else {
// echo "No such domain in context";
// die();
// }
// }
// else {
// echo "Invalid domain name";
// die();
// }
// }
$ch = curl_init('http://ip4.mailcow.email');
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);

3
data/web/inc/functions.inc.php
View File

@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
return "Not a valid hostname";
}
if (empty($starttls)) {
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true)));
$context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
$stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
if (!$stream) {
$error_msg = isset($error_msg) ? $error_msg : '-';
@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
stream_set_blocking($stream, true);
stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
stream_context_set_option($stream, 'ssl', 'verify_peer', false);
stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
stream_set_blocking($stream, false);