Goetz Babin-Ebell wrote:
> Hello Richard,
>
> Richard Levitte - VMS Whacker wrote:
> > In message <[EMAIL PROTECTED]> on Thu, 15 Feb 2007 10:34:23 -0800,
> > Kees Cook <[EMAIL PROTECTED]> said:
> >
> > kees> 3 years ago, I wrote a patch[1] (and did the TSU[2]) for adding
> > kees> these features to s_client. Can this please be applied to CVS?
> >
> > Yes. Done. Thank you, and sorry you had to wait 3 years for this to
> > happen.
>
> The problem (not only I have) with the patch is
> that at least in SMTP and IMAP it is illegal
> to start TLS before an initial protocol handshake is done:
>
> * in SMTP doing a STARTTLS without previous EHLO
>   will return a
>   503 STARTTLS command used when not advertised
> * in IMAP doing a STARTTLS requires a
>   . CAPABILITY
>   first.
>
> In both cases the server response should be parsed for
> the string "STARTTLS"...

This statement is technically correct. As the s_client tool is however intended for testing purposes only (you remember that a capital "R" at the beginning of the line will start a renegotiation instead of being transferred to the server :-) adding the EHLO and .CAPABILITY should be sufficient and the more complex parsing of the response might be omitted...

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]