From 9aaa9ae25065b41ecf3dbdf382c4f5dea7e84ffa Mon Sep 17 00:00:00 2001 From: pdontthink Date: Tue, 21 Jan 2014 01:13:49 +0000 Subject: [PATCH] Add advanced control over the SSL context used when connecting to the SMTP and IMAP servers over SSL/TLS (Thanks to Emmanuel Dreyfus) git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14427 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- class/deliver/Deliver.class.php | 9 ++--- class/deliver/Deliver_SMTP.class.php | 20 +++++++++-- class/deliver/Deliver_SendMail.class.php | 2 +- config/config_local.example.php | 25 +++++++++++++- doc/ChangeLog | 4 +++ functions/imap_general.php | 33 +++++++++++++++---- include/options/folder.php | 7 ++-- plugins/filters/filters.php | 8 ++--- plugins/filters/options.php | 3 +- plugins/filters/spamoptions.php | 3 +- plugins/info/options.php | 3 +- plugins/mail_fetch/fetch.php | 3 +- plugins/mail_fetch/functions.php | 4 +-- plugins/mail_fetch/options.php | 5 +-- .../message_details_bottom.php | 5 +-- plugins/sent_subfolders/functions.php | 8 ++--- plugins/spamcop/functions.php | 4 +-- plugins/spamcop/spamcop.php | 3 +- src/compose.php | 19 ++++++----- src/download.php | 3 +- src/empty_trash.php | 3 +- src/folders.php | 3 +- src/left_main.php | 3 +- src/redirect.php | 3 +- src/right_main.php | 3 +- src/search.php | 3 +- src/vcard.php | 3 +- src/view_header.php | 3 +- src/view_html.php | 3 +- src/view_text.php | 3 +- 30 files changed, 143 insertions(+), 58 deletions(-) diff --git a/class/deliver/Deliver.class.php b/class/deliver/Deliver.class.php index b36b0acf..73f243ab 100644 --- a/class/deliver/Deliver.class.php +++ b/class/deliver/Deliver.class.php @@ -90,7 +90,7 @@ class Deliver { // if ($reply_id) { global $imapConnection, $username, $imapServerAddress, - $imapPort, $mailbox; + $imapPort, $imapSslOptions, $mailbox; // try our best to use an existing IMAP handle // @@ -103,8 +103,8 @@ class Deliver { } else { $close_imap_stream = TRUE; - $my_imap_stream = sqimap_login($username, FALSE, - $imapServerAddress, $imapPort, 0); + $my_imap_stream = sqimap_login($username, FALSE, $imapServerAddress, + $imapPort, 0, $imapSslOptions); } sqimap_mailbox_select($my_imap_stream, $mailbox); @@ -453,10 +453,11 @@ class Deliver { * @param string $pass password to log into the SMTP server with * @param boolean $authpop whether or not to use POP-before-SMTP authorization * @param string $pop_host host name or IP to connect to for POP-before-SMTP authorization + * @param array $ssl_options SSL context options, see config_local.php for more details (OPTIONAL) * * @return handle $stream file handle resource to SMTP stream */ - function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') { + function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $ssl_options=array()) { return $stream; } diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 2fcd0211..641fbe79 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -62,7 +62,7 @@ class Deliver_SMTP extends Deliver { } } - function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') { + function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $ssl_options=array()) { global $use_smtp_tls,$smtp_auth_mech; if ($authpop) { @@ -90,9 +90,25 @@ class Deliver_SMTP extends Deliver { $from->mailbox = ''; } + // NB: Using "ssl://" ensures the highest possible TLS version + // will be negotiated with the server (whereas "tls://" only + // uses TLS version 1.0) + // if ($use_smtp_tls == 1) { if ((check_php_version(4,3)) && (extension_loaded('openssl'))) { - $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); + if (function_exists('stream_socket_client')) { + $server_address = 'ssl://' . $host . ':' . $port; + if (!empty($ssl_options)) + $ssl_options = array('ssl' => $ssl_options); + $ssl_context = @stream_context_create($ssl_options); + $connect_timeout = ini_get('default_socket_timeout'); + // null timeout is broken + if ($connect_timeout == 0) + $connect_timeout = 30; + $stream = @stream_socket_client($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context); + } else { + $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); + } $this->tls_enabled = true; } else { /** diff --git a/class/deliver/Deliver_SendMail.class.php b/class/deliver/Deliver_SendMail.class.php index 3af1a2d9..a1394173 100644 --- a/class/deliver/Deliver_SendMail.class.php +++ b/class/deliver/Deliver_SendMail.class.php @@ -91,7 +91,7 @@ class Deliver_SendMail extends Deliver { * @return resource * @access public */ - function initStream($message, $sendmail_path, $ignore=0, $ignore='', $ignore='', $ignore='', $ignore='', $ignore=false, $ignore='') { + function initStream($message, $sendmail_path, $ignore=0, $ignore='', $ignore='', $ignore='', $ignore='', $ignore=false, $ignore='', $ignore=array()) { $rfc822_header = $message->rfc822_header; $from = $rfc822_header->from[0]; $envelopefrom = trim($from->mailbox.'@'.$from->host); diff --git a/config/config_local.example.php b/config/config_local.example.php index a340c7c2..bcb482c6 100644 --- a/config/config_local.example.php +++ b/config/config_local.example.php @@ -27,7 +27,7 @@ * of custom PHP session handlers. This feature is well * documented in the code in include/init.php * - * hide_squirrelmail_header (must be defined as a constant: + * $hide_squirrelmail_header (must be defined as a constant: * define('hide_squirrelmail_header', 1); * This allows the administrator to force SquirrelMail never * to add its own Received headers with user information in @@ -52,5 +52,28 @@ * (those that are displayed in a different color than other * "normal" mailboxes). * + * $smtpSslOptions allows more control over the SSL context used + * when connecting to the SMTP server over SSL/TLS. See: + * http://php.net/manual/context.ssl.php + * For example, you can specify a CA file that corresponds + * to your server's certificate and make sure that the + * server's certificate is validated when connecting: + * $smtpSslOptions = array( + * 'cafile' => '/etc/pki/tls/certs/ca-bundle.crt', + * 'verify_peer' => true, + * 'verify_depth' => 3, + * ); + * + * $imapSslOptions allows more control over the SSL context used + * when connecting to the IMAP server over SSL/TLS. See: + * http://php.net/manual/context.ssl.php + * For example, you can specify a CA file that corresponds + * to your server's certificate and make sure that the + * server's certificate is validated when connecting: + * $imapSslOptions = array( + * 'cafile' => '/etc/pki/tls/certs/ca-bundle.crt', + * 'verify_peer' => true, + * 'verify_depth' => 3, + * ); */ diff --git a/doc/ChangeLog b/doc/ChangeLog index 9628707a..5f5b1d48 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -383,6 +383,10 @@ Version 1.5.2 - SVN unsafe images. - Full date and time is used as "title" (mouseover) text for dates shown on the message list screen + - Added advanced control over the SSL context used when connecting + to the SMTP and IMAP servers over SSL/TLS (Thanks to Emmanuel + Dreyfus). See $imapSslOptions and $smtpSslOptions in config_local.php + for more information. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/imap_general.php b/functions/imap_general.php index cc4c2f75..9fe4e756 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -670,10 +670,12 @@ function sqimap_read_data ($imap_stream, $tag_uid, $handle_errors, * @param int port port number to connect to * @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting. * Argument was boolean before 1.5.1. + * @param array $ssl_options SSL context options, see config_local.php + * for more details (OPTIONAL) * @return imap-stream resource identifier * @since 1.5.0 (usable only in 1.5.1 or later) */ -function sqimap_create_stream($server,$port,$tls=0) { +function sqimap_create_stream($server,$port,$tls=0,$ssl_options=array()) { global $squirrelmail_language; if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) { @@ -681,10 +683,25 @@ function sqimap_create_stream($server,$port,$tls=0) { $server = '['.$server.']'; } + // NB: Using "ssl://" ensures the highest possible TLS version + // will be negotiated with the server (whereas "tls://" only + // uses TLS version 1.0) + // if ($tls == 1) { if ((check_php_version(4,3)) and (extension_loaded('openssl'))) { - /* Use TLS by prefixing "tls://" to the hostname */ - $server = 'tls://' . $server; + if (function_exists('stream_socket_client')) { + $server_address = 'ssl://' . $server . ':' . $port; + if (!empty($ssl_options)) + $ssl_options = array('ssl' => $ssl_options); + $ssl_context = @stream_context_create($ssl_options); + $connect_timeout = ini_get('default_socket_timeout'); + // null timeout is broken + if ($connect_timeout == 0) + $connect_timeout = 15; + $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context); + } else { + $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15); + } } else { require_once(SM_PATH . 'functions/display_messages.php'); logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server). @@ -694,9 +711,10 @@ function sqimap_create_stream($server,$port,$tls=0) { _("Please contact your system administrator and report this error."), sprintf(_("Error connecting to IMAP server: %s."), $server)); } + } else { + $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15); } - $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15); /* Do some error correction */ if (!$imap_stream) { @@ -794,11 +812,14 @@ function sqimap_create_stream($server,$port,$tls=0) { * 1 = show no errors (just exit) * 2 = show no errors (return FALSE) * 3 = show no errors (return error string) + * @param array $ssl_options SSL context options, see config_local.php + * for more details (OPTIONAL) * @return mixed The IMAP connection stream, or if the connection fails, * FALSE if $hide is set to 2 or an error string if $hide * is set to 3. */ -function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { +function sqimap_login ($username, $password, $imap_server_address, + $imap_port, $hide, $ssl_options=array()) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech, $sqimap_capabilities; @@ -846,7 +867,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $host = $imap_server_address; $imap_server_address = sqimap_get_user_server($imap_server_address, $username); - $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls); + $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$ssl_options); if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) { // We're using some sort of authentication OTHER than plain or login diff --git a/include/options/folder.php b/include/options/folder.php index 907629c0..d60e4f63 100644 --- a/include/options/folder.php +++ b/include/options/folder.php @@ -33,11 +33,12 @@ define('SMOPT_GRP_FOLDERSELECT', 2); * @return array all option information */ function load_optpage_data_folder() { - global $username, $imapServerAddress, $imapPort, $oTemplate, $nbsp, - $folder_prefix, $default_folder_prefix, $show_prefix_option; + global $username, $imapServerAddress, $imapPort, $imapSslOptions, + $oTemplate, $nbsp, $folder_prefix, $default_folder_prefix, + $show_prefix_option; /* Get some imap data we need later. */ - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $boxes = sqimap_mailbox_list($imapConnection); /* Build a simple array into which we will build options. */ diff --git a/plugins/filters/filters.php b/plugins/filters/filters.php index c1612453..2086c2cd 100644 --- a/plugins/filters/filters.php +++ b/plugins/filters/filters.php @@ -190,9 +190,9 @@ function filters_bulkquery($filters, $IPs) { * @access private */ function start_filters($hook_args) { - global $imapServerAddress, $imapPort, $imap_stream, $imapConnection, - $UseSeparateImapConnection, $AllowSpamFilters, $filter_inbox_count, - $username; + global $imapServerAddress, $imapPort, $imapSslOptions, $imap_stream, + $imapConnection, $UseSeparateImapConnection, $AllowSpamFilters, + $filter_inbox_count, $username; /** * check hook that calls filtering. If filters are called by right_main_after_header, @@ -229,7 +229,7 @@ function start_filters($hook_args) { if ((!isset($imap_stream) && !isset($imapConnection)) || $UseSeparateImapConnection ) { $stream = sqimap_login($username, false, $imapServerAddress, - $imapPort, 10); + $imapPort, 10, $imapSslOptions); $previously_connected = false; } else if (isset($imapConnection)) { $stream = $imapConnection; diff --git a/plugins/filters/options.php b/plugins/filters/options.php index 7395a3b9..6ea5290e 100644 --- a/plugins/filters/options.php +++ b/plugins/filters/options.php @@ -25,6 +25,7 @@ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); sqgetGlobalVar('theid', $theid); sqgetGlobalVar('action', $action, SQ_GET); +global $imapSslOptions; // in case not defined in config if (sqgetGlobalVar('filter_submit',$filter_submit,SQ_POST)) { @@ -125,7 +126,7 @@ if (sqgetGlobalVar('filter_submit',$filter_submit,SQ_POST)) { if (isset($action) && ($action == 'add' || $action == 'edit')) { - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $boxes = sqimap_mailbox_list($imapConnection); for ($a = 0, $cnt = count($boxes); $a < $cnt; $a++) { diff --git a/plugins/filters/spamoptions.php b/plugins/filters/spamoptions.php index 21f6c959..8f390615 100644 --- a/plugins/filters/spamoptions.php +++ b/plugins/filters/spamoptions.php @@ -23,6 +23,7 @@ include_once(SM_PATH . 'plugins/filters/filters.php'); sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); sqgetGlobalVar('action', $action, SQ_GET); +global $imapSslOptions; // in case not defined in config /* end globals */ displayPageHeader($color); @@ -77,7 +78,7 @@ if ($SpamFilters_YourHop == ' ') { if (isset($action) && $action == 'spam') { - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $boxes = sqimap_mailbox_list($imapConnection); sqimap_logout($imapConnection); $numboxes = count($boxes); diff --git a/plugins/info/options.php b/plugins/info/options.php index 1bc14334..b64e107f 100644 --- a/plugins/info/options.php +++ b/plugins/info/options.php @@ -53,7 +53,8 @@ for($i = 0; $i <= 9; $i++){ /* END GLOBALS */ -$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $caps_array = get_caps($imap_stream); $list = array ('TEST_0', 'TEST_1', diff --git a/plugins/mail_fetch/fetch.php b/plugins/mail_fetch/fetch.php index 0383559c..330c0711 100644 --- a/plugins/mail_fetch/fetch.php +++ b/plugins/mail_fetch/fetch.php @@ -27,6 +27,7 @@ if (!in_array('mail_fetch', $plugins)) exit; /* globals */ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); +global $imapSslOptions; // in case not defined in config /* end globals */ /** @@ -197,7 +198,7 @@ for ($i_loop=$i_start;$i_loop<$i_stop;$i_loop++) { } Mail_Fetch_Status(_("Opening IMAP server")); - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10); + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10, $imapSslOptions); // check if destination folder is not set, is not subscribed and is not \noselect folder if($mailfetch_subfolder == '' || diff --git a/plugins/mail_fetch/functions.php b/plugins/mail_fetch/functions.php index a9b889ee..c67d9771 100644 --- a/plugins/mail_fetch/functions.php +++ b/plugins/mail_fetch/functions.php @@ -64,7 +64,7 @@ if (file_exists(SM_PATH . 'config/mail_fetch_config.php')) { function mail_fetch_login_function() { include_once (SM_PATH . 'functions/imap_general.php'); - global $username, $data_dir, $imapServerAddress, $imapPort; + global $username, $data_dir, $imapServerAddress, $imapPort, $imapSslOptions; $mailfetch_newlog = getPref($data_dir, $username, 'mailfetch_newlog'); @@ -129,7 +129,7 @@ function mail_fetch_login_function() { continue; } - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10); + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10, $imapSslOptions); /* log into pop server*/ if (! $pop3->login($mailfetch_user, $mailfetch_pass)) { diff --git a/plugins/mail_fetch/options.php b/plugins/mail_fetch/options.php index d71d27a5..d6f4f0d0 100644 --- a/plugins/mail_fetch/options.php +++ b/plugins/mail_fetch/options.php @@ -59,6 +59,7 @@ sqgetGlobalVar('submit_mailfetch', $submit_mailfetch, SQ_POST); $mf_port = trim($mf_port); $mf_server = trim($mf_server); +global $imapSslOptions; // in case not defined in config /* end globals */ @@ -301,7 +302,7 @@ switch( $mf_action ) { html_tag( 'tr' ) . html_tag( 'th', _("Store in Folder:"), 'right' ) . html_tag( 'td', '', 'left' ); - $imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $boxes = sqimap_mailbox_list($imapConnection); echo ''; $selected = 0; diff --git a/plugins/message_details/message_details_bottom.php b/plugins/message_details/message_details_bottom.php index 52c6c9df..a5980ebd 100644 --- a/plugins/message_details/message_details_bottom.php +++ b/plugins/message_details/message_details_bottom.php @@ -112,11 +112,12 @@ function CalcEntity($entString, $direction) { * @access public */ function get_message_details($mailbox, $passed_id, $passed_ent_id=0, $stripHTML=FALSE) { - global $imapServerAddress, $imapPort, $color,$msgd_8bit_in_hex, $username; + global $imapServerAddress, $imapPort, $imapSslOptions, + $color,$msgd_8bit_in_hex, $username; $returnValue = ''; - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $read = sqimap_mailbox_select($imapConnection, $mailbox); if (!empty($passed_ent_id)) $body = sqimap_run_command($imapConnection, "FETCH $passed_id BODY[$passed_ent_id]",true, $response, $readmessage, TRUE); diff --git a/plugins/sent_subfolders/functions.php b/plugins/sent_subfolders/functions.php index f1071fec..9afab661 100644 --- a/plugins/sent_subfolders/functions.php +++ b/plugins/sent_subfolders/functions.php @@ -50,10 +50,10 @@ function sent_subfolders_check_handleAsSent_do($mailbox) { function sent_subfolders_optpage_loadhook_folders_do() { global $data_dir, $username, $optpage_data, $imapServerAddress, - $imapPort, $show_contain_subfolders_option, $sent_folder; + $imapPort, $imapSslOptions, $show_contain_subfolders_option, $sent_folder; /* Get some imap data we need later. */ - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $boxes = sqimap_mailbox_list($imapConnection); sqimap_logout($imapConnection); @@ -161,7 +161,7 @@ function save_option_sent_subfolders_base($option) { function sent_subfolders_update_sentfolder_do() { global $sent_folder, $username, $data_dir, $imapServerAddress, $imapPort, - $move_to_sent; + $imapSslOptions, $move_to_sent; sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); @@ -218,7 +218,7 @@ function sent_subfolders_update_sentfolder_do() { /* Auto-create folders, if they do not yet exist. */ if ($sent_subfolder != 'none') { /* Create the imap connection. */ - $ic = sqimap_login($username, false, $imapServerAddress, $imapPort, 10); + $ic = sqimap_login($username, false, $imapServerAddress, $imapPort, 10, $imapSslOptions); $boxes = false; /** diff --git a/plugins/spamcop/functions.php b/plugins/spamcop/functions.php index 8798de15..5d0d4c66 100644 --- a/plugins/spamcop/functions.php +++ b/plugins/spamcop/functions.php @@ -134,12 +134,12 @@ function spamcop_options_function() { */ function spamcop_while_sending_function() { global $mailbox, $spamcop_delete, $spamcop_save, $spamcop_is_composing, $auto_expunge, - $username, $imapServerAddress, $imapPort; + $username, $imapServerAddress, $imapPort, $imapSslOptions; if (sqgetGlobalVar('spamcop_is_composing' , $spamcop_is_composing)) { // delete spam message if ($spamcop_delete) { - $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); sqimap_mailbox_select($imapConnection, $mailbox); sqimap_msgs_list_delete($imapConnection, $mailbox, array($spamcop_is_composing)); if ($auto_expunge) diff --git a/plugins/spamcop/spamcop.php b/plugins/spamcop/spamcop.php index 2d0d0acd..abaee516 100644 --- a/plugins/spamcop/spamcop.php +++ b/plugins/spamcop/spamcop.php @@ -66,7 +66,8 @@ if (! is_plugin_enabled('spamcop')) { exit(); } - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + global $imapSslOptions; // in case not defined in config + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); sqimap_mailbox_select($imap_stream, $mailbox); if ($spamcop_method == 'quick_email' || diff --git a/src/compose.php b/src/compose.php index c3f0f426..a84c33b8 100644 --- a/src/compose.php +++ b/src/compose.php @@ -41,6 +41,7 @@ require_once(SM_PATH . 'class/deliver/Deliver.class.php'); require_once(SM_PATH . 'functions/addressbook.php'); require_once(SM_PATH . 'functions/forms.php'); require_once(SM_PATH . 'functions/identity.php'); +global $imapSslOptions; // in case not defined in config /* --------------------- Get globals ------------------------------------- */ @@ -429,7 +430,7 @@ if ($draft) { $draft_message = _("Draft Email Saved"); /* If this is a resumed draft, then delete the original */ if(isset($delete_draft)) { - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false); + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false, $imapSslOptions); sqimap_mailbox_select($imap_stream, $draft_folder); // force bypass_trash=true because message should be saved when deliverMessage() returns true. // in current implementation of sqimap_msgs_list_flag() single message id can @@ -542,7 +543,7 @@ if ($send) { /* if it is resumed draft, delete draft message */ if ( isset($delete_draft)) { - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false); + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false, $imapSslOptions); sqimap_mailbox_select($imap_stream, $draft_folder); // bypass_trash=true because message should be saved when deliverMessage() returns true. // in current implementation of sqimap_msgs_list_flag() single message id can @@ -773,7 +774,7 @@ function getforwardSubject($subject) function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') { global $editor_size, $default_use_priority, $body, $idents, $use_signature, $data_dir, $username, - $key, $imapServerAddress, $imapPort, + $key, $imapServerAddress, $imapPort, $imapSslOptions, $composeMessage, $body_quote, $request_mdn, $request_dr, $mdn_user_support, $languages, $squirrelmail_language, $default_charset, $do_not_reply_to_self; @@ -790,7 +791,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se if ($passed_id) { $imapConnection = sqimap_login($username, false, $imapServerAddress, - $imapPort, 0); + $imapPort, 0, $imapSslOptions); sqimap_mailbox_select($imapConnection, $mailbox); $message = sqimap_get_message($imapConnection, $passed_id, $mailbox); @@ -1680,7 +1681,7 @@ function deliverMessage(&$composeMessage, $draft=false) { $username, $identity, $idents, $data_dir, $request_mdn, $request_dr, $default_charset, $useSendmail, $domain, $action, $default_move_to_sent, $move_to_sent, - $imapServerAddress, $imapPort, $sent_folder, $key; + $imapServerAddress, $imapPort, $imapSslOptions, $sent_folder, $key; $rfc822_header = $composeMessage->rfc822_header; @@ -1777,13 +1778,13 @@ function deliverMessage(&$composeMessage, $draft=false) { if (!$useSendmail && !$draft) { require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php'); $deliver = new Deliver_SMTP(); - global $smtpServerAddress, $smtpPort, $pop_before_smtp, $pop_before_smtp_host; + global $smtpServerAddress, $smtpPort, $smtpSslOptions, $pop_before_smtp, $pop_before_smtp_host; $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false; if (empty($pop_before_smtp_host)) $pop_before_smtp_host = $smtpServerAddress; get_smtp_user($user, $pass); $stream = $deliver->initStream($composeMessage,$domain,0, - $smtpServerAddress, $smtpPort, $user, $pass, $authPop, $pop_before_smtp_host); + $smtpServerAddress, $smtpPort, $user, $pass, $authPop, $pop_before_smtp_host, $smtpSslOptions); } elseif (!$draft) { require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php'); global $sendmail_path, $sendmail_args; @@ -1800,7 +1801,7 @@ function deliverMessage(&$composeMessage, $draft=false) { } elseif ($draft) { global $draft_folder; $imap_stream = sqimap_login($username, false, $imapServerAddress, - $imapPort, 0); + $imapPort, 0, $imapSslOptions); if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) { require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php'); $imap_deliver = new Deliver_IMAP(); @@ -1836,7 +1837,7 @@ function deliverMessage(&$composeMessage, $draft=false) { plain_error_message($msg); } else { unset ($deliver); - $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); + $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); // mark as replied or forwarded if applicable diff --git a/src/download.php b/src/download.php index 8f0d848b..780ff9f5 100644 --- a/src/download.php +++ b/src/download.php @@ -58,7 +58,8 @@ set_my_charset(); /* end globals */ -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $aMailbox = sqm_api_mailbox_select($imapConnection, $account, $mailbox,array(),array()); if (isset($aMailbox['MSG_HEADERS'][$passed_id]['MESSAGE_OBJECT']) && diff --git a/src/empty_trash.php b/src/empty_trash.php index eeeb5373..b3f4c476 100644 --- a/src/empty_trash.php +++ b/src/empty_trash.php @@ -34,7 +34,8 @@ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, ''); sm_validate_security_token($submitted_token, -1, TRUE); -$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $mailbox = $trash_folder; $boxes = sqimap_mailbox_list($imap_stream); diff --git a/src/folders.php b/src/folders.php index 78198e39..87b48b04 100644 --- a/src/folders.php +++ b/src/folders.php @@ -34,7 +34,8 @@ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); /* end of get globals */ -$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); /* switch to the right function based on what the user selected */ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { diff --git a/src/left_main.php b/src/left_main.php index 1b77a6e5..5f75070b 100644 --- a/src/left_main.php +++ b/src/left_main.php @@ -38,7 +38,8 @@ sqgetGlobalVar('unfold', $unfold, SQ_GET); // open a connection on the imap port (143) // why hide the output? -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, true); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, true, $imapSslOptions); /** * Using stristr since very old preferences may contain "None" and "none". diff --git a/src/redirect.php b/src/redirect.php index d6aa6f8f..c8af1367 100644 --- a/src/redirect.php +++ b/src/redirect.php @@ -71,7 +71,8 @@ if ($force_username_lowercase) { } /* Verify that username and password are correct. */ -$imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0, $imapSslOptions); /* From now on we are logged it. If the login failed then sqimap_login handles it */ /** diff --git a/src/right_main.php b/src/right_main.php index 41960632..ea2f3af5 100644 --- a/src/right_main.php +++ b/src/right_main.php @@ -88,7 +88,8 @@ if ( sqgetGlobalVar('account', $account, SQ_GET) ) { /* Open an imap connection */ -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $mailbox = (isset($mailbox) && $mailbox) ? $mailbox : 'INBOX'; diff --git a/src/search.php b/src/search.php index 15d4886a..ce868b73 100644 --- a/src/search.php +++ b/src/search.php @@ -1321,7 +1321,8 @@ if ($search_advanced) { uasort($imap_asearch_options, 'asearch_unhtml_strcoll'); /* open IMAP connection */ -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); /* get mailboxes once here */ diff --git a/src/vcard.php b/src/vcard.php index dc9ed7c2..e3529c8e 100644 --- a/src/vcard.php +++ b/src/vcard.php @@ -41,7 +41,8 @@ sqgetGlobalVar('ent_id', $ent_id, SQ_GET); sqgetGlobalVar('startMessage', $startMessage, SQ_GET); /* end globals */ -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); sqimap_mailbox_select($imapConnection, $mailbox); displayPageHeader($color); diff --git a/src/view_header.php b/src/view_header.php index ee151785..65214f91 100644 --- a/src/view_header.php +++ b/src/view_header.php @@ -93,8 +93,9 @@ if ( !sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) { } sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); +global $imapSslOptions; // in case not defined in config $imapConnection = sqimap_login($username, false, $imapServerAddress, - $imapPort, 0); + $imapPort, 0, $imapSslOptions); $mbx_response = sqimap_mailbox_select($imapConnection, $mailbox, false, false, true); $header = parse_viewheader($imapConnection,$passed_id, $passed_ent_id); diff --git a/src/view_html.php b/src/view_html.php index e4355a3c..185349f8 100644 --- a/src/view_html.php +++ b/src/view_html.php @@ -38,7 +38,8 @@ sqgetGlobalVar('passed_id', $passed_id, SQ_GET, NULL, SQ_TYPE_BIGINT); // TODO: add required var checks here. -$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $mbx_response = sqimap_mailbox_select($imap_stream, $mailbox); $message = &$messages[$mbx_response['UIDVALIDITY']][$passed_id]; diff --git a/src/view_text.php b/src/view_text.php index 94655a01..382d9dde 100644 --- a/src/view_text.php +++ b/src/view_text.php @@ -29,7 +29,8 @@ sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET); sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER); sqgetGlobalVar('passed_id', $passed_id, SQ_GET, NULL, SQ_TYPE_BIGINT); -$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); +global $imapSslOptions; // in case not defined in config +$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imapSslOptions); $mbx_response = sqimap_mailbox_select($imapConnection, $mailbox); $message = &$messages[$mbx_response['UIDVALIDITY']][$passed_id]; -- 2.25.1