SSL stream context options added Webklex#238 Webklex#546

Co-authored-by: LE MOINE Laurent <[email protected]>

Author: llemoine

src/Client.php

@@ -100,6 +100,16 @@ class Client {
         'password' => null,
     ];
 
+
+    /**
+     * SSL stream context options
+     *
+     * @see https://www.php.net/manual/en/context.ssl.php for possible options
+     *
+     * @var array
+     */
+    protected array $ssl_options = [];
+
     /**
      * Connection timeout
      * @var int $timeout
@@ -184,7 +194,8 @@ class Client {
             'username' => null,
             'password' => null,
         ],
-        "timeout" => 30
+        'ssl_options' => [],
+        "timeout" => 30,
     ];
 
     /**
@@ -436,6 +447,7 @@ public function connect(): Client {
             $this->connection = new ImapProtocol($this->config, $this->validate_cert, $this->encryption);
             $this->connection->setConnectionTimeout($this->timeout);
             $this->connection->setProxy($this->proxy);
+            $this->connection->setSslOptions($this->ssl_options);
         }else{
             if (extension_loaded('imap') === false) {
                 throw new ConnectionFailedException("connection setup failed", 0, new ProtocolNotSupportedException($protocol." is an unsupported protocol"));

src/Connection/Protocols/Protocol.php

@@ -71,6 +71,15 @@ abstract class Protocol implements ProtocolInterface {
         'password' => null,
     ];
 
+    /**
+     * SSL stream context options
+     *
+     * @see https://www.php.net/manual/en/context.ssl.php for possible options
+     *
+     * @var array
+     */
+    protected array $ssl_options = [];
+
     /**
      * Cache for uid of active folder.
      *
@@ -162,6 +171,28 @@ public function getProxy(): array {
         return $this->proxy;
     }
 
+    /**
+     * Set SSL context options settings
+     * @var array $options
+     *
+     * @return Protocol
+     */
+    public function setSslOptions(array $options): Protocol
+    {
+        $this->ssl_options = $options;
+
+        return $this;
+    }
+
+    /**
+     * Get the current SSL context options settings
+     *
+     * @return array
+     */
+    public function getSslOptions(): array {
+        return $this->ssl_options;
+    }
+
     /**
      * Prepare socket options
      * @return array
@@ -175,6 +206,11 @@ private function defaultSocketOptions(string $transport): array {
                 'verify_peer_name' => $this->getCertValidation(),
                 'verify_peer'      => $this->getCertValidation(),
             ];
+
+            if (count($this->ssl_options)) {
+                /* Get the ssl context options from the config, but prioritize the 'validate_cert' config over the ssl context options */
+                $options["ssl"] = array_replace($this->ssl_options, $options["ssl"]);
+            }
         }
 
         if ($this->proxy["socket"] != null) {

tests/ImapProtocolTest.php

@@ -48,5 +48,17 @@ public function testImapProtocol(): void {
 
         self::assertSame(true, $protocol->getCertValidation());
         self::assertSame("ssl", $protocol->getEncryption());
+
+        $protocol->setSslOptions([
+            'verify_peer' => true,
+            'cafile' => '/dummy/path/for/testing',
+            'peer_fingerprint' => ['md5' => 40],
+        ]);
+
+        self::assertSame([
+            'verify_peer' => true,
+            'cafile' => '/dummy/path/for/testing',
+            'peer_fingerprint' => ['md5' => 40],
+        ], $protocol->getSslOptions());
     }
 }