[ticket/13558] Add smtp SSL context configuration options

PHPBB3-13558

phpBB/includes/acp/acp_board.php

@@ -454,6 +454,9 @@ class acp_board
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true),
+						'ssl_verify_peer'		=> array('lang' => 'SSL_VERIFY_PEER',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'ssl_verify_peer_name'	=> array('lang' => 'SSL_VERIFY_PEER_NAME',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'ssl_allow_self_signed'	=> array('lang' => 'SSL_ALLOW_SELF_SIGNED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend3'					=> 'ACP_SUBMIT_CHANGES',
 					)

phpBB/includes/functions_messenger.php

@@ -1467,6 +1467,17 @@ class smtp_class
 
 		if (socket_set_blocking($this->socket, 1))
 		{
+			global $config;
+
+			$options = array();
+			$verify_peer = (bool) $config['ssl_verify_peer'];
+			$verify_peer_name = (bool) $config['ssl_verify_peer_name'];
+			$allow_self_signed = (bool) $config['ssl_allow_self_signed'];
+
+			// Set ssl context options, see http://php.net/manual/en/context.ssl.php
+			$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+			stream_context_set_option($this->socket, $options);
+
 			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
 			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}

phpBB/language/en/acp/board.php

@@ -574,6 +574,14 @@ $lang = array_merge($lang, array(
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',
+
+	'SSL_ALLOW_SELF_SIGNED'			=> 'Allow self-signed certificates',
+	'SSL_ALLOW_SELF_SIGNED_EXPLAIN'	=> 'Allow self-signed certificates for SSL / TLS connections.',
+	'SSL_VERIFY_PEER'				=> 'Verify peer',
+	'SSL_VERIFY_PEER_EXPLAIN'		=> 'Require verification of SSL certificate used.',
+	'SSL_VERIFY_PEER_NAME'			=> 'Verify peer name',
+	'SSL_VERIFY_PEER_NAME_EXPLAIN'	=> 'Require verification of peer name for SSL / TLS connections.',
+
 	'USE_SMTP'						=> 'Use SMTP server for email',
 	'USE_SMTP_EXPLAIN'				=> 'Select “Yes” if you want or have to send email via a named server instead of the local mail function.',
 ));

phpBB/phpbb/db/migration/data/v31x/add_smtp_ssl_context_config_options.php

@@ -0,0 +1,32 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_smtp_ssl_context_config_options extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v31x\v3110');
+	}
+
+	public function update_data()
+	{
+		return array(
+			// See http://php.net/manual/en/context.ssl.php
+			array('config.add', array('ssl_verify_peer', 1)),
+			array('config.add', array('ssl_verify_peer_name', 1)),
+			array('config.add', array('ssl_allow_self_signed', 0)),
+		);
+	}
+}