Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:21278 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 58985 invoked by uid 1010); 19 Dec 2005 10:09:06 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 58969 invoked from network); 19 Dec 2005 10:09:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Dec 2005 10:09:06 -0000 X-Host-Fingerprint: 69.61.164.22 am-productions.biz Received: from ([69.61.164.22:56392] helo=mail.united-ware.com) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 83/52-14561-1C686A34 for ; Mon, 19 Dec 2005 05:09:05 -0500 Received: from [192.168.1.100] (am-productions.biz [69.61.164.22]) (authenticated bits=0) by mail.united-ware.com (8.13.4/8.13.4) with ESMTP id jBJACNpd059561 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Mon, 19 Dec 2005 05:12:29 -0500 (EST) (envelope-from mistry.7@osu.edu) To: internals@lists.php.net Date: Mon, 19 Dec 2005 05:11:04 -0500 User-Agent: KMail/1.8.3 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1466404.nZdx5hWOGP"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-ID: <200512190511.11835.mistry.7@osu.edu> X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,BAYES_05,BIZ_TLD, UPPERCASE_25_50 autolearn=failed version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on mail.united-ware.com X-Virus-Scanned: ClamAV 0.87/1212/Sun Dec 18 06:09:50 2005 on mail.united-ware.com X-Virus-Status: Clean Subject: STARTTLS support for SIEVE 
From: mistry.7@osu.edu (Anish Mistry) --nextPart1466404.nZdx5hWOGP Content-Type: multipart/mixed; boundary="Boundary-01=_4copDq9myni1MWb" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_4copDq9myni1MWb Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Attached is a patch to enable (SIEVE) STARTTLS support for fsockopen=20 using stls://host.example.org I'm pretty sure I've got it to conform to the RFC: http://www.holtmann.org/email/sieve/draft-martin-managesieve-03.txt Currently it only works with SIEVE, but it could be easily extended to=20 do SMTP (Send "EHLO hostname" first) and IMAP. Maybe something like sieve+stls:// and smtp+stls:// would be better=20 for the separate STARTTLS setups. http://am-productions.biz/docs/patch-openssl-starttls.patch I'm sure there are a bunch of things "wrong" with how I've done this,=20 so feel free to send suggestions. Thanks, =2D-=20 Anish Mistry --Boundary-01=_4copDq9myni1MWb Content-Type: text/x-diff; charset="us-ascii"; name="openssl-starttls.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="openssl-starttls.patch" diff -ruN ext/openssl/xp_ssl.c ext/openssl/xp_ssl.c =2D-- ext/openssl/xp_ssl.c Wed Sep 7 11:36:23 2005 +++ ext/openssl/xp_ssl.c Sun Dec 18 04:18:15 2005 
@@ -31,8 +31,26 @@ #include #endif =20 +#define STARTTLS_BUFFER 1024 +#define STARTTLS_CMD_CAPABILITY "CAPABILITY" +#define STARTTLS_CMD_STARTTLS "STARTTLS" +#define STARTTLS_CMD_LOGOUT "LOGOUT" +#define STARTTLS_CAPABLE "\"STARTTLS\"" +#define STARTTLS_RESPONSE_OK "OK" +#define STARTTLS_RESPONSE_BAD "BAD" +#define STARTTLS_ENDLINE "\n" + +enum starttls_state { +STARTTLS_STATE_CONNECT, +STARTTLS_STATE_CAPABILITY, +STARTTLS_STATE_HAS_CAPABILITY, +STARTTLS_STATE_NEGOTIATE, +STARTTLS_STATE_TERMINATE +}; + int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream= *stream TSRMLS_DC); SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC); +int php_stream_starttls_setup(php_stream *stream); =20 /* This implementation is very closely tied to the that of the native * sockets implemented in the core. @@ -324,6 +342,10 @@ sslsock->is_client =3D 1; method =3D TLSv1_client_method(); break; + case STREAM_CRYPTO_METHOD_STLS_CLIENT: + sslsock->is_client =3D 1; + method =3D TLSv1_client_method(); + break; case STREAM_CRYPTO_METHOD_SSLv23_SERVER: sslsock->is_client =3D 0; method =3D SSLv23_server_method(); @@ -435,7 +457,6 @@ php_stream_xport_param *xparam STREAMS_DC TSRMLS_DC) { int clisock; =2D xparam->outputs.client =3D NULL; =20 clisock =3D php_network_accept_incoming(sock->s.socket, @@ -484,6 +505,10 @@ case STREAM_CRYPTO_METHOD_TLS_CLIENT: sock->method =3D STREAM_CRYPTO_METHOD_TLS_SERVER; break; + case STREAM_CRYPTO_METHOD_STLS_CLIENT: + php_stream_starttls_setup(stream); + sock->method =3D STREAM_CRYPTO_METHOD_TLS_SERVER; + break; } =20 clisockdata->method =3D sock->method; 
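Review bot: `#define STARTTLS_ENDLINE "\n"` terminates every command the new code sends with a bare LF, whereas the ManageSieve draft the message cites (like IMAP) ends lines with CRLF; `#define STARTTLS_ENDLINE "\r\n"` matches the protocol. The new prototype `int php_stream_starttls_setup(php_stream *stream);` also drops the `TSRMLS_DC` that the two sibling prototypes on the same lines carry; the `php_stream_gets`/`php_stream_eof` calls in its body are presumably the usual thread-context macros, so a ZTS build is unlikely to compile it — `int php_stream_starttls_setup(php_stream *stream TSRMLS_DC);` with a matching `TSRMLS_CC` at the call site keeps it consistent. Note too that every one of these string macros is later passed through `sizeof`, which counts the terminating NUL; that matters for the write calls in the setup function below.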
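Review bot: The new `STREAM_CRYPTO_METHOD_STLS_CLIENT` arm repeats the two statements of the arm above it verbatim (from the context lines that appears to be the `TLS_CLIENT` arm, whose label is just outside the hunk). Stacking the new label on that arm with a `/* fallthrough */` comment, so both select `TLSv1_client_method()` in one place, keeps the two from drifting apart if the client method is ever changed. Nothing in this arm distinguishes STARTTLS from immediate TLS, so the plaintext exchange has to happen elsewhere before the SSL context is set up.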
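Review bot: The only change in this hunk deletes `xparam->outputs.client = NULL;` at the top of the accept function, which has nothing to do with STARTTLS and looks accidental. Unless something outside the hunk assigns it on every path, `outputs.client` now holds whatever the caller left in the struct when `php_network_accept_incoming` fails, and the caller cannot distinguish a failed accept from a stale pointer; the line should be restored. The enclosing function begins above this hunk, so the other assignments to `outputs.client` are not visible here.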
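Review bot: `php_stream_starttls_setup(stream);` in the new `STLS_CLIENT` arm discards the function's 0/1 result, so when the peer answers BAD (the function then sends LOGOUT and returns 0) the accept still sets `sock->method = STREAM_CRYPTO_METHOD_TLS_SERVER` and proceeds to a TLS handshake on a connection the peer has been told is closing; at minimum the result must be checked and the accept failed when it is 0. It is also run on `stream`, which from the later `clisockdata->method = sock->method;` appears to be the listening stream rather than the freshly accepted client, and the function drives the client side of the exchange (it sends CAPABILITY and STARTTLS and waits for OK), whereas the accepting side would be expected to read the client's STARTTLS and answer OK. As far as the hunks in this patch show this is the only call site, so nothing on the `stls://` connect path performs the exchange before TLS is enabled. The enclosing function starts before this hunk.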
@@ -704,12 +729,120 @@ } else if (strncmp(proto, "tls", protolen) =3D=3D 0) { sslsock->enable_on_connect =3D 1; sslsock->method =3D STREAM_CRYPTO_METHOD_TLS_CLIENT; + } else if (strncmp(proto, "stls", protolen) =3D=3D 0) { + sslsock->enable_on_connect =3D 1; + sslsock->method =3D STREAM_CRYPTO_METHOD_STLS_CLIENT; } =20 return stream; } =20 +int php_stream_starttls_setup(php_stream *stream) +{ + char buffer[STARTTLS_BUFFER]; + char *curstring =3D NULL; + char *curtoken =3D NULL; + int conn_state =3D STARTTLS_STATE_CONNECT; + int bytesread =3D 0; + /* STLS/STARTTLS requires STARTTLS to be sent + and OK'd be the server before a TLS negotiation + may begin. */ + while(conn_state !=3D STARTTLS_STATE_NEGOTIATE && conn_state !=3D STARTTL= S_STATE_TERMINATE && php_stream_gets(stream,buffer,STARTTLS_BUFFER) !=3D NU= LL && !php_stream_eof(stream)) + { + switch(conn_state) + { + case STARTTLS_STATE_CONNECT: + curstring =3D buffer; + curtoken =3D buffer; + =09 + curtoken =3D strsep(&curstring, " \t\n\r"); + while(curstring !=3D NULL) + { + if(strncmp(STARTTLS_RESPONSE_OK,buffer,sizeof(STARTTLS_RESPONSE_OK)) = =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_CAPABILITY; + /* The server is ready for commands */ + php_write_stream(stream,STARTTLS_CMD_CAPABILITY,sizeof(STARTTLS_CMD_= CAPABILITY)); + php_write_stream(stream,STARTTLS_ENDLINE,sizeof(STARTTLS_ENDLINE)); + curstring =3D NULL; + + } + else if(strncmp(STARTTLS_RESPONSE_BAD,buffer,sizeof(STARTTLS_RESPONSE= _BAD)) =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_TERMINATE; + curstring =3D NULL; + break; + + } + else + curtoken =3D strsep(&curstring, " \t\n\r"); + } + break; + case STARTTLS_STATE_CAPABILITY: + curstring =3D buffer; + curtoken =3D buffer; + =09 + curtoken =3D strsep(&curstring, " \t\n\r"); + while(curstring !=3D NULL) + { + if(strncmp(STARTTLS_CAPABLE,buffer,sizeof(STARTTLS_CAPABLE)) =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_HAS_CAPABILITY; + /* The server is ready for commands */ + 
php_write_stream(stream,STARTTLS_CMD_CAPABILITY,sizeof(STARTTLS_CMD_= CAPABILITY)); + php_write_stream(stream,STARTTLS_ENDLINE,sizeof(STARTTLS_ENDLINE)); + curstring =3D NULL; =20 + } + else if(strncmp(STARTTLS_RESPONSE_BAD,buffer,sizeof(STARTTLS_RESPONSE= _BAD)) =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_TERMINATE; + curstring =3D NULL; + break; + + } + else + curtoken =3D strsep(&curstring, " \t\n\r"); + } + break; + case STARTTLS_STATE_HAS_CAPABILITY: + curstring =3D buffer; + curtoken =3D buffer; + =09 + curtoken =3D strsep(&curstring, " \t\n\r"); + while(curstring !=3D NULL) + { + if(strncmp(STARTTLS_RESPONSE_OK,buffer,sizeof(STARTTLS_RESPONSE_OK)) = =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_NEGOTIATE; + /* The server is ready for commands */ + php_write_stream(stream,STARTTLS_CMD_STARTTLS,sizeof(STARTTLS_CMD_ST= ARTTLS)); + php_write_stream(stream,STARTTLS_ENDLINE,sizeof(STARTTLS_ENDLINE)); + curstring =3D NULL; + + } + else if(strncmp(STARTTLS_RESPONSE_BAD,buffer,sizeof(STARTTLS_RESPONSE= _BAD)) =3D=3D 0) + { + conn_state =3D STARTTLS_STATE_TERMINATE; + curstring =3D NULL; + break; + + } + else + curtoken =3D strsep(&curstring, " \t\n\r"); + } + break; + } + } + if(conn_state =3D=3D STARTTLS_STATE_TERMINATE) + { + php_write_stream(stream,STARTTLS_CMD_LOGOUT,sizeof(STARTTLS_CMD_LOGOUT)); + php_write_stream(stream,STARTTLS_ENDLINE,sizeof(STARTTLS_ENDLINE)); + return 0; + } + return 1; + +} =20 /* * Local variables: diff -ruN ext/standard/file.c ext/standard/file.c =2D-- ext/standard/file.c Fri Oct 21 08:13:37 2005 +++ ext/standard/file.c Sun Dec 18 04:18:14 2005 
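Review bot: `php_stream_starttls_setup` returns 1 as soon as STARTTLS has been written (`conn_state` becomes `STARTTLS_STATE_NEGOTIATE` in the same arm that sends the command), so the server's OK reply to STARTTLS is never consumed in plaintext and becomes the first bytes the TLS handshake sees — or, if `php_stream_gets` has already pulled it into the stream's read buffer, it is silently read as plaintext after the handshake. The exchange needs one more state (a `STARTTLS_STATE_WAIT_OK` added to `enum starttls_state`) that reads that OK and only then returns 1, and the caller should refuse to start TLS if the stream still has buffered input at that point, since bytes read before the handshake are never covered by TLS. Every `php_write_stream(stream, X, sizeof(X))` also sends the literal's terminating NUL on the wire (11 bytes for "CAPABILITY"), and the same `sizeof` in the `strncmp` calls only works because `strsep` has just NUL-terminated the first token; the writes should use `sizeof(X) - 1`. All three arms compare `buffer` rather than `curtoken`, so the inner `while` re-tests the first token until `strsep` exhausts the line, and the CAPABILITY arm re-sends CAPABILITY on seeing `"STARTTLS"` instead of waiting for the closing OK (and never terminates if the listing ends without STARTTLS). `bytesread` is unused and the signature lacks the `TSRMLS_DC` of its siblings; the rewritten state machine below folds the token handling into one place.
```c
int php_stream_starttls_setup(php_stream *stream)
{
	char buffer[STARTTLS_BUFFER];
	int conn_state = STARTTLS_STATE_CONNECT;

	while (conn_state != STARTTLS_STATE_NEGOTIATE && conn_state != STARTTLS_STATE_TERMINATE
			&& php_stream_gets(stream, buffer, STARTTLS_BUFFER) != NULL && !php_stream_eof(stream)) {
		char *rest = buffer;
		char *first = strsep(&rest, " \t\n\r");	/* response code or first capability token */

		switch (conn_state) {
		/* … unchanged: CONNECT arm, but comparing `first` instead of `buffer` and
		 * writing sizeof(X) - 1 bytes so the literal's NUL stays off the wire … */
		case STARTTLS_STATE_CAPABILITY:
			if (strcmp(first, STARTTLS_CAPABLE) == 0) {
				conn_state = STARTTLS_STATE_HAS_CAPABILITY;	/* keep reading up to the closing OK */
			} else if (strcmp(first, STARTTLS_RESPONSE_OK) == 0) {
				conn_state = STARTTLS_STATE_TERMINATE;	/* listing ended without STARTTLS */
			} else if (strcmp(first, STARTTLS_RESPONSE_BAD) == 0) {
				conn_state = STARTTLS_STATE_TERMINATE;
			}
			break;
		case STARTTLS_STATE_HAS_CAPABILITY:
			if (strcmp(first, STARTTLS_RESPONSE_OK) == 0) {
				/* capability listing is complete: request TLS, then wait for the reply */
				php_write_stream(stream, STARTTLS_CMD_STARTTLS, sizeof(STARTTLS_CMD_STARTTLS) - 1);
				php_write_stream(stream, STARTTLS_ENDLINE, sizeof(STARTTLS_ENDLINE) - 1);
				conn_state = STARTTLS_STATE_WAIT_OK;
			} else if (strcmp(first, STARTTLS_RESPONSE_BAD) == 0) {
				conn_state = STARTTLS_STATE_TERMINATE;
			}
			break;
		case STARTTLS_STATE_WAIT_OK:
			/* The OK to STARTTLS is the last line read in plaintext; everything that
			 * follows on the socket belongs to the TLS handshake, so the caller must
			 * not start TLS while any input is still buffered. */
			conn_state = strcmp(first, STARTTLS_RESPONSE_OK) == 0
					? STARTTLS_STATE_NEGOTIATE : STARTTLS_STATE_TERMINATE;
			break;
		}
	}
	/* … unchanged: LOGOUT on TERMINATE, return 0 / 1 … */
}
```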
@@ -223,6 +223,7 @@ REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv3_CLIENT", STREAM_CRYPT= O_METHOD_SSLv3_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv23_CLIENT", STREAM_CRYPT= O_METHOD_SSLv23_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLS_CLIENT", STREAM_CRYPTO_= METHOD_TLS_CLIENT, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_STLS_CLIENT", STREAM_CRYPTO= _METHOD_STLS_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv2_SERVER", STREAM_CRYPT= O_METHOD_SSLv2_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv3_SERVER", STREAM_CRYPT= O_METHOD_SSLv3_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv23_SERVER", STREAM_CRYPT= O_METHOD_SSLv23_SERVER, CONST_CS|CONST_PERSISTENT); diff -ruN main/streams/php_stream_transport.h main/streams/php_stream_trans= port.h =2D-- main/streams/php_stream_transport.h Wed Aug 3 10:08:42 2005 +++ main/streams/php_stream_transport.h Sun Dec 18 04:18:16 2005 @@ -153,6 +153,7 @@ STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, STREAM_CRYPTO_METHOD_TLS_CLIENT, + STREAM_CRYPTO_METHOD_STLS_CLIENT, STREAM_CRYPTO_METHOD_SSLv2_SERVER, STREAM_CRYPTO_METHOD_SSLv3_SERVER, STREAM_CRYPTO_METHOD_SSLv23_SERVER, --Boundary-01=_4copDq9myni1MWb-- --nextPart1466404.nZdx5hWOGP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBDpoc/xqA5ziudZT0RAiBwAKDV5l2QLzds6jwegDGfXMRpwORDZACdEnOn B5SL0ggNDSg21TFEd0fEj/Y= =B8iW -----END PGP SIGNATURE----- --nextPart1466404.nZdx5hWOGP--
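Review bot: Inserting `STREAM_CRYPTO_METHOD_STLS_CLIENT,` between the `TLS_CLIENT` and `SSLv2_SERVER` enumerators in php_stream_transport.h renumbers every `*_SERVER` value that follows, if the enumerators are implicitly valued (the enum's opening line is outside the hunk). The file.c hunk re-registers the PHP-level constants from the header, so scripts using the names keep working, but any extension compiled against the old header, or any script that stored the numeric values, silently selects a different crypto method afterwards. Appending the new enumerator after the last existing one avoids the shift.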