+ /**
+ * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
+ * http://www.php.net/stream-socket-enable-crypto
+ */
+ if ($use_smtp_tls === 2) {
+ if (function_exists('stream_socket_enable_crypto')) {
+ // don't try starting tls, when client thinks that it is already active
+ if ($this->tls_enabled) {
+ $this->dlv_msg = _("TLS session is already activated.");
+ return 0;
+ } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
+ // check for starttls in ehlo response
+ $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
+ return 0;
+ }
+
+ // issue starttls command
+ fputs($stream, "STARTTLS\r\n");
+ // get response
+ $tmp = fgets($stream,1024);
+ if ($this->errorCheck($tmp,$stream)) {
+ return 0;
+ }
+
+ // start crypto on connection. suppress function errors.
+ if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+ // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
+ // get new EHLO response
+ fputs($stream, "EHLO $helohost\r\n");
+ // Read ehlo response
+ $tmp = $this->parse_ehlo_response($stream);
+ if ($this->errorCheck($tmp,$stream)) {
+ // don't revert to helo here. server must support ESMTP
+ return 0;
+ }
+ // set information about started tls
+ $this->tls_enabled = true;
+ } else {
+ /**
+ * stream_socket_enable_crypto() call failed.
+ */
+ $this->dlv_msg = _("Unable to start TLS.");
+ return 0;
+ // Bug: can't get error message. See comments in sqimap_create_stream().
+ }
+ } else {
+ // php install does not support stream_socket_enable_crypto() function
+ $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
+ return 0;
+ }
+ }
+
+ // FIXME: check ehlo response before using authentication
+
+ // Try authentication by a plugin
+ //
+ // NOTE: there is another hook in functions/auth.php called "smtp_auth"
+ // that allows a plugin to specify a different set of login credentials
+ // (so is slightly mis-named, but is too old to change), so be careful
+ // that you do not confuse your hook names.
+ //
+ $smtp_auth_args = array(
+ 'auth_mech' => $smtp_auth_mech,
+ 'user' => $user,
+ 'pass' => $pass,
+ 'host' => $host,
+ 'port' => $port,
+ 'stream' => $stream,
+ );
+ if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
+ // authentication succeeded
+ } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {