Skip to content

Instantly share code, notes, and snippets.

@Jan-E

Jan-E/secure_stream_test.php

Last active October 29, 2019 05:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Jan-E/7f0055624b82c39dee6ae5b712f2c97a to your computer and use it in GitHub Desktop.
Save Jan-E/7f0055624b82c39dee6ae5b712f2c97a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
secure_stream_test.php
<?php
$server = 'smtp.example.com';
$port = '587';
set_time_limit(180);
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
ini_set ('display_errors', "On");
header("Pragma: no-cache");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-control: no-cache, no-store, must-revalidate, max_age=0");
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
if (defined('STREAM_CRYPTO_METHOD_SSLv3_CLIENT')) {
$crypto_method |= STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
}
if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
}
echo "<pre>";
$options['ssl']['verify_peer'] = TRUE;
$options['ssl']['verify_peer_name'] = FALSE;
$options['ssl']['allow_self_signed'] = TRUE;
//STREAM_CLIENT_CONNECT, stream_context_create($options)
$fp = stream_socket_client("{$server}:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create($options));
if (!$fp) {
die("Unable to connect: $errstr ($errno)");
} else {
echo "<b><i>".stream_socket_get_name($fp, true)." connected</i></b>\r\n\r\n";
}
// 220 smtp.gmail.com ESMTP h17sm1307581wme.6 - gsmtp
$res=fgets($fp); echo $res; if(substr($res,0,3) != "220") stoppen($fp);
echo "\r\n<b><i>Send EHLO ".$server."</i></b>\r\n\r\n";
$sent = fwrite($fp, "EHLO ".$server."\r\n");
$starttls = 0;
for ($i = 1; $fp && !feof($fp) && $i < 20; $i++) {
$res=fgets($fp); echo $res;
if($starttls == 0) {
if (strpos($res,"STARTTLS")) {
echo "\r\n<b><i>Send STARTTLS</i></b>\r\n\r\n";
$sent = fwrite($fp, "STARTTLS\r\n");
if ($sent) $starttls = 1;
}
}
if ($starttls == 1) {
// 220 TLS go ahead
// 220 2.0.0 Ready to start TLS
if(substr($res,0,3) == "220") {
echo "\r\n<b><i>Turn on encryption for login phase: stream_socket_enable_crypto</i></b>\r\n";
/* Turn on encryption for login phase */
$ret = stream_socket_enable_crypto($fp, true, $crypto_method);
if ($ret === 0) $rettext = '0';
else $rettext = $ret ? 'true' : 'false';
echo "\r\n<b><i>".stream_socket_get_name($fp, true).": stream_socket_enable_crypto returned '".$rettext."'</i></b>\r\n";
if (!$ret) stoppen($fp);
if ($ret) $starttls = 2;
}
}
if ($starttls == 2) {
echo "\r\n<b><i>Send 2nd EHLO ".$server."</i></b>\r\n\r\n";
$sent = fwrite($fp, "EHLO ".$server."\r\n");
if ($sent) $starttls = 3;
}
if ($starttls == 3) {
// 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
if (strpos($res,"AUTH")) {
echo "\r\n<b><i>Received AUTH</i></b>\r\n\r\n";
$starttls = 4;
}
}
if ($starttls == 4) {
// 250 SMTPUTF8
if(substr($res,0,4) == "250 ") {
echo "\r\n<b><i>Received '250 '</i></b>\r\n";
$starttls = 5;
stoppen($fp); // break
}
}
}
if ($fp) stoppen($fp);
function stoppen($fp) {
fputs($fp, "QUIT\n");
stream_socket_shutdown($fp,STREAM_SHUT_RDWR);
die("\r\n<b><i>QUIT & close</i></b>\r\n\r\n");
}
?>
@Jan-E
Copy link
Author

Jan-E commented Oct 26, 2019
edited

My PHP 7.2 configure script, which is a custom script for Directadmin:

#!/bin/sh
./configure \
	--prefix=/usr/local/php72 \
	--program-suffix=72 \
	--enable-fpm \
	--with-config-file-scan-dir=/usr/local/php72/lib/php.conf.d \
	--with-curl=/usr/local/ssl-1.1.1 \
	--with-gd \
	--with-gettext \
	--with-jpeg-dir=/usr/local/lib \
	--with-freetype-dir=/usr/local/lib \
	--with-libxml-dir=/usr/local/lib \
	--with-kerberos \
	--with-openssl=/usr/local/ssl-1.1.1 \
	CFLAGS=-I/usr/local/include \
	LDFLAGS=-L/usr/local/lib \
	LIBS="-ldl -lpthread -lnghttp2 -lrtmp" \
	OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \
	OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" \
	--with-mhash \
	--with-mysql-sock=/var/lib/mysql/mysql.sock \
	--with-mysqli=mysqlnd \
	--with-pcre-regex=/usr/local \
	--with-pdo-mysql=mysqlnd \
	--with-pear \
	--with-png-dir=/usr/local/lib \
	--with-sodium=/usr/local \
	--with-webp-dir=/usr/local/lib \
	--with-xsl \
	--with-zlib \
	--enable-zip \
	--without-libzip \
	--with-iconv=/usr/local \
	--enable-bcmath \
	--enable-calendar \
	--enable-exif \
	--enable-ftp \
	--enable-sockets \
	--enable-soap \
	--enable-mbstring \
	--with-icu-dir=/usr/local/icu \
	--enable-intl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment