
[Web] Fixes TLSA for self-signed certs, closes #997

andre.peters 7 years ago
parent
commit
3feabe00a2
2 changed files with 17 additions and 16 deletions
  1. 15 15
      data/web/inc/ajax/dns_diagnostics.php
  2. 2 1
      data/web/inc/functions.inc.php

+ 15 - 15
data/web/inc/ajax/dns_diagnostics.php

@@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
 foreach(mailbox('get', 'domains') as $dn) {
   $domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
 }
-
-if (isset($_GET['domain'])) {
-  if (is_valid_domain_name($_GET['domain'])) {
-    if (in_array($_GET['domain'], $domains)) {
       $domain = $_GET['domain'];
-    }
-    else {
-      echo "No such domain in context";
-      die();
-    }
-  }
-  else {
-    echo "Invalid domain name";
-    die();
-  }
-}
+
+// if (isset($_GET['domain'])) {
+  // if (is_valid_domain_name($_GET['domain'])) {
+    // if (in_array($_GET['domain'], $domains)) {
+    // }
+    // else {
+      // echo "No such domain in context";
+      // die();
+    // }
+  // }
+  // else {
+    // echo "Invalid domain name";
+    // die();
+  // }
+// }
 
 $ch = curl_init('http://ip4.mailcow.email');
 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
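Review bot: The new side drops the authorization check on `$_GET['domain']`: the `is_valid_domain_name` and `in_array($_GET['domain'], $domains)` guards are commented out, so the surviving context line `$domain = $_GET['domain'];` now takes any caller-supplied string, not just a domain from the caller's own `$domains` context, and it also runs without `isset`, so a request lacking the parameter raises an undefined-index notice. Nothing in the commit title ("Fixes TLSA for self-signed certs") explains why the check was removed, and the rest of this script is outside the hunk, so I cannot see how `$domain` is used downstream; if it feeds the DNS/TLSA probes, an unvalidated value lets a logged-in user point those probes at arbitrary hosts. I would restore the guards (with a strict `in_array`) instead of keeping dead commented-out code, as below. If the intent was to make alias domains resolvable, note that `$domains` already merges `alias_domains` on the preceding context lines, so the check should pass for them as-is.
```php
// … unchanged: $domains collection …
if (!isset($_GET['domain']) || !is_valid_domain_name($_GET['domain'])) {
  echo "Invalid domain name";
  die();
}
// Only domains in the caller's own context may be diagnosed.
if (!in_array($_GET['domain'], $domains, true)) {
  echo "No such domain in context";
  die();
}
$domain = $_GET['domain'];
// … unchanged: curl_init('http://ip4.mailcow.email') …
```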

+ 2 - 1
data/web/inc/functions.inc.php

@@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
     return "Not a valid hostname";
   }
   if (empty($starttls)) {
-    $context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true)));
+    $context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
     $stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
     if (!$stream) {
       $error_msg = isset($error_msg) ? $error_msg : '-';
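Review bot: The added `'verify_peer_name' => false` (together with the existing `verify_peer` and `allow_self_signed` options) deserves a why-comment, because a reader will otherwise see three verification switches turned off in a TLS client and file it as a bug. For computing a TLSA digest this appears deliberate, since DANE pins the presented certificate rather than a CA chain or a matching name, but it also means the digest is of whatever certificate arrived on the wire; an on-path attacker can supply their own and the operator would then publish a TLSA record for it. I would add above the `stream_context_create` call: `// Verification is intentionally disabled: TLSA pins the presented cert, which need not chain to a CA or match $hostname. The digest is of whatever the peer sent — compare it against the local certificate before publishing.` The same comment belongs on the STARTTLS path, which sets the same options; `generate_tlsa_digest` begins before this hunk and continues past it.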
@@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
     stream_set_blocking($stream, true);
     stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
     stream_context_set_option($stream, 'ssl', 'verify_peer', false);
+    stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
     stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
     stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
     stream_set_blocking($stream, false);