Hello!
Three years ago, I wrote a patch[1] (and did the TSU[2]) for adding these
features to s_client. Can this please be applied to CVS? I've seen
other people on the mailing list asking for it[3], including fixes for
HELO[4].
This is a pretty trivial patch, and would help a lot of people. I have
updated it (see attached) for current CVS. Is there anything else I
need to help with to see it get committed?
Thanks,
-Kees
[1] http://marc.theaimsgroup.com/?l=openssl-dev&m=109794442901659&w=2
[2] http://marc.theaimsgroup.com/?l=openssl-dev&m=109803041012966&w=2
[3] http://marc.theaimsgroup.com/?l=openssl-dev&w=2&r=1&s=starttls&q=b
[4] http://www.mail-archive.com/[email protected]/msg20600.html
--
Kees Cook @outflux.net
Index: apps/s_client.c
===================================================================
RCS file: /scratch/src/openssl/upstream-cvs/openssl/apps/s_client.c,v
retrieving revision 1.98
diff -u -p -u -p -r1.98 s_client.c
--- apps/s_client.c 29 Nov 2006 20:54:55 -0000 1.98
+++ apps/s_client.c 15 Feb 2007 18:32:15 -0000
@@ -316,7 +316,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
+ BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@@ -348,6 +348,15 @@ static int MS_CALLBACK ssl_servername_cb
}
#endif
+enum
+{
+ PROTO_OFF = 0,
+ PROTO_SMTP,
+ PROTO_POP3,
+ PROTO_IMAP,
+ PROTO_FTP,
+};
+
int MAIN(int, char **);
int MAIN(int argc, char **argv)
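Review bot: The enumerator list ends with a trailing comma after `PROTO_FTP,`, which is C99-only syntax; if C89 compilers are still a build target for this tree, drop it: `PROTO_FTP`. A one-line comment above the enum, `/* values of starttls_proto: which pre-TLS protocol dialogue to run before the handshake */`, would also help, since the constants are only meaningful together with the comparisons in MAIN. MAIN's body lies outside this hunk.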
@@ -374,12 +383,13 @@ int MAIN(int argc, char **argv)
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
- int starttls_proto = 0;
+ int starttls_proto = PROTO_OFF;
int prexit = 0, vflags = 0;
const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
BIO *sbio;
char *inrand=NULL;
+ int mbuf_len=0;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
ENGINE *e=NULL;
@@ -610,9 +620,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
++argv;
if (strcmp(*argv,"smtp") == 0)
- starttls_proto = 1;
+ starttls_proto = PROTO_SMTP;
else if (strcmp(*argv,"pop3") == 0)
- starttls_proto = 2;
+ starttls_proto = PROTO_POP3;
+ else if (strcmp(*argv,"imap") == 0)
+ starttls_proto = PROTO_IMAP;
+ else if (strcmp(*argv,"ftp") == 0)
+ starttls_proto = PROTO_FTP;
else
goto bad;
}
@@ -898,18 +912,40 @@ re_start:
sbuf_off=0;
/* This is an ugly hack that does a lot of assumptions */
- if (starttls_proto == 1)
+ if (starttls_proto == PROTO_SMTP)
{
- BIO_read(sbio,mbuf,BUFSIZZ);
+ /* wait for multi-line response to end from SMTP */
+ do
+ {
+ mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
- if (starttls_proto == 2)
+ else if (starttls_proto == PROTO_POP3)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
+ else if (starttls_proto == PROTO_IMAP)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"0 STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+ else if (starttls_proto == PROTO_FTP)
+ {
+ /* wait for multi-line response to end from FTP */
+ do
+ {
+ mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
+ BIO_printf(sbio,"AUTH TLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
for (;;)
{
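Review bot: The multi-line-reply loop added for SMTP, `mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ)` guarded by `while (mbuf_len>3 && mbuf[3]=='-')`, inspects byte 3 of whatever chunk the socket read happened to return, but BIO_read on a socket is not line-framed: one read can carry several reply lines (only the first is examined) or a partial line, so the loop may stop early or may consume the reply to STARTTLS itself; the FTP branch has the same shape. Reading through a buffering BIO with BIO_gets makes each iteration exactly one line and also NUL-terminates mbuf, which the later `BIO_printf(bio_err,"%s",mbuf)` already assumes. The reply read into sbuf is still never checked, so a server that declines STARTTLS is only noticed when the handshake fails; that can be a follow-up. The enclosing MAIN function begins and ends outside this hunk.
```c
	/* … unchanged: sbuf_off=0; … */
	if (starttls_proto == PROTO_SMTP)
		{
		BIO *fbio = BIO_new(BIO_f_buffer());
		BIO_push(fbio, sbio);
		/* consume the greeting one line at a time; "ddd-" marks a continuation line */
		do
			{
			mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
			}
		while (mbuf_len > 3 && mbuf[3] == '-');
		(void)BIO_flush(fbio);
		BIO_pop(fbio);
		BIO_free(fbio);
		BIO_printf(sbio, "STARTTLS\r\n");
		/* … unchanged: read the STARTTLS reply into sbuf … */
		}
	/* … unchanged: POP3 and IMAP branches; apply the same line-wise read to the FTP branch … */
```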
@@ -940,7 +976,7 @@ re_start:
{
BIO_printf(bio_err,"%s",mbuf);
/* We don't need to know any more */
- starttls_proto = 0;
+ starttls_proto = PROTO_OFF;
}
if (reconnect)
Index: doc/apps/s_client.pod
===================================================================
RCS file: /scratch/src/openssl/upstream-cvs/openssl/doc/apps/s_client.pod,v
retrieving revision 1.14
diff -u -p -u -p -r1.14 s_client.pod
--- doc/apps/s_client.pod 10 Mar 2006 23:06:15 -0000 1.14
+++ doc/apps/s_client.pod 15 Feb 2007 18:19:34 -0000
@@ -194,7 +194,7 @@ command for more information.
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keywords are "smtp", "pop3", "imap", and "ftp".
=item B<-engine id>