From 8477354c337a57698742c3ed7fd5c48c69f5d964 Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Fri, 5 Dec 2014 09:05:04 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=1288 "Support
 STARTTLS when doing a ping mail"

---
 includes/general.php | 75 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 62 insertions(+), 13 deletions(-)

diff --git a/includes/general.php b/includes/general.php
index 596cc49..b34b870 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -555,28 +555,77 @@
 
 			foreach($mxhosts as $key => $domain)
 			{
-				$fp = @fsockopen($domain,25,$errno,$errstr,5);
+				$fp_opt = array(
+					'ssl' => array(
+						'verify_peer'   => false,	// Opportunistic Encryption
+						)
+					);
+				$fp_ctx = stream_context_create($fp_opt);
+				$fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
 				if($fp)
 				{
+					stream_set_blocking($fp, true);
 
-					$line = fgets($fp, 4096);
-                                        while(substr($line, 0, 4) == "220-")
-                                               $line = fgets($fp, 4096);
-					if(substr($line, 0, 3) != "220")
+					$has_starttls = false;
+
+					do {
+						$line = fgets($fp, 4096);
+					} while(substr($line, 0, 4) == "220-");
+					if(substr($line, 0, 3) != "220") {
+						fclose($fp);
 						continue;
-					fputs($fp, "HELO www.cacert.org\r\n");
-					$line = fgets($fp, 4096);
-					while(substr($line, 0, 3) == "220")
+					}
+
+					fputs($fp, "EHLO www.cacert.org\r\n");
+					do {
 						$line = fgets($fp, 4096);
-					if(substr($line, 0, 3) != "250")
+						$has_starttls |= substr(trim($line),4) == "STARTTLS";
+					} while(substr($line, 0, 4) == "250-");
+					if(substr($line, 0, 3) != "250") {
+						fclose($fp);
 						continue;
-					fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
-					$line = fgets($fp, 4096);
+					}
+
+					if($has_starttls) {
+						fputs($fp, "STARTTLS\r\n");
+						do {
+							$line = fgets($fp, 4096);
+						} while(substr($line, 0, 4) == "220-");
+						if(substr($line, 0, 3) != "220") {
+							fclose($fp);
+							continue;
+						}
+
+						stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+
+						fputs($fp, "EHLO www.cacert.org\r\n");
+						do {
+							$line = fgets($fp, 4096);
+						} while(substr($line, 0, 4) == "250-");
+						if(substr($line, 0, 3) != "250") {
+							fclose($fp);
+							continue;
+						}
+					}
 
-					if(substr($line, 0, 3) != "250")
+					fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+					do {
+						$line = fgets($fp, 4096);
+					} while(substr($line, 0, 4) == "250-");
+					if(substr($line, 0, 3) != "250") {
+						fclose($fp);
 						continue;
+					}
+
 					fputs($fp, "RCPT TO:<$email>\r\n");
-					$line = trim(fgets($fp, 4096));
+					do {
+						$line = fgets($fp, 4096);
+					} while(substr($line, 0, 4) == "250-");
+					if(substr($line, 0, 3) != "250") {
+						fclose($fp);
+						continue;
+					}
+
 					fputs($fp, "QUIT\r\n");
 					fclose($fp);