[RCD] CA validation

A.L.E.C alec at alec.pl
Wed Nov 27 08:55:12 CET 2013


On 11/24/2013 06:20 AM, Emmanuel Dreyfus wrote:

> Net_SMTP allows stream context options to be provided, and these stream
> context options can be used to enforce CA validation. It would work like
> this:
> 
> $opts = array(
>        'ssl' => array(
>                   'verify_peer' => TRUE,
>                   'verify_depth' => 5,
>                   'cafile' => '/path/to_ca_file', 
>         ),
> );
> $this->conn = 
>     new Net_SMTP($smtp_host, $smtp_port, $helo_host, false, 0, $opts);
>    
> I would like to contribute such a change. Obviously, ca_file must be
> available as a config option (what name?). Is there any comment on the
> approach?   

I propose adding an 'smtp_conn_options' option where you could specify the
whole options array as above. In comments we should provide an example
and a link to http://us1.php.net/manual/en/context.ssl.php

> I have not looked at the IMAP side: I use imapproxy for connection
> caching, and therefore Roundcube is not in charge of TLS.

The rcube_imap_generic class does not use stream_context_create(), so we'd
need more changes here, but that should be quite a simple change as the
code is already in Net_Socket.

-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
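
Added example, not part of the original message and not Roundcube or Net_SMTP code: a sketch of how an options array in the shape quoted above could be checked before use and then handed to stream_context_create() for a direct TLS connection, as the IMAP side would need. The function names and the two sample arrays are assumptions made for illustration; verify_peer_name exists only in PHP 5.6 and later.

```php
<?php
// Added example: helper names are hypothetical, not Roundcube or Net_SMTP code.
// Return reasons why a stream-context options array would not enforce CA validation.
function tls_option_problems(array $opts)
{
    $ssl = isset($opts['ssl']) ? $opts['ssl'] : array();
    $problems = array();
    if (empty($ssl['verify_peer'])) {
        $problems[] = 'verify_peer is off: any certificate is accepted';
    }
    if (!empty($ssl['allow_self_signed'])) {
        $problems[] = 'allow_self_signed is on: self-signed certificates are accepted';
    }
    if (isset($ssl['verify_peer_name']) && !$ssl['verify_peer_name']) {
        $problems[] = 'verify_peer_name is off: certificate host name is not checked (PHP 5.6+)';
    }
    if (isset($ssl['cafile']) && !is_readable($ssl['cafile'])) {
        $problems[] = "cafile {$ssl['cafile']} is not readable";
    }
    return $problems;
}

// Open a TLS stream the way a client without Net_Socket would have to:
// build the context from the options, then hand it to stream_socket_client().
function open_verified_stream($host, $port, array $opts, $timeout = 10)
{
    $context = stream_context_create($opts);
    $stream = stream_socket_client("ssl://$host:$port", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($stream === false) {
        // A failed certificate check surfaces here as a failed connect.
        throw new RuntimeException("TLS connect to $host:$port failed: $errstr ($errno)");
    }
    return $stream;
}

// Constructed sample values: one permissive array, one in the shape quoted above.
$weak   = array('ssl' => array('verify_peer' => false, 'allow_self_signed' => true));
$strict = array('ssl' => array('verify_peer' => true, 'verify_depth' => 5,
    'cafile' => '/path/to_ca_file'));
foreach (array('weak' => $weak, 'strict' => $strict) as $name => $opts) {
    $problems = tls_option_problems($opts);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'ok', "\n";
}
// Connect only when a host is given: php example.php imap.example.org 993
if (PHP_SAPI === 'cli' && isset($argv[2]) && !tls_option_problems($strict)) {
    fclose(open_verified_stream($argv[1], (int) $argv[2], $strict));
    echo "certificate chain verified\n";
}
```

With the placeholder path from the quoted snippet the strict array is reported as having an unreadable cafile, so the connection step is skipped until a real CA bundle path is supplied.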

