-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lutz Jaenicke wrote:
> Goetz Babin-Ebell wrote:
[...]
>> * in SMTP doing a STARTTLS without previous EHLO
>> will return a
>> 503 STARTTLS command used when not advertised
>> * in IMAP doing a STARTTLS requires a
>> . CAPABILITY
>> first.
>>
>> In both cases the server response should be parsed for
>> the string "STARTTLS"...
>>
> This statement is technically correct. As the s_client tool is however
> intended for testing purposes only (you remember that a capital
> "R" at the beginning of the line will start a renegotiation instead
> of being transferred to the server :-) adding the EHLO and .CAPABILITY
> should be sufficient and the more complex parsing of the response
> might be omitted...
Do you want something like the attached patch?
(untested, I'm off to bed...)
Bye
Goetz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFF2lTq2iGqZUF3qPYRAirhAJ9+e7H1qRzUH7RZAuHKBGpqUDrVfwCfb2A2
B7Z713+mhzGcIx5/VZHtBNA=
=ABXa
-----END PGP SIGNATURE-----
Index: apps/s_client.c
===================================================================
RCS file: /home/gbe/data/cvs/openssl/openssl/apps/s_client.c,v
retrieving revision 1.100
diff -u -r1.100 s_client.c
--- apps/s_client.c 18 Feb 2007 18:21:57 -0000 1.100
+++ apps/s_client.c 20 Feb 2007 01:47:50 -0000
@@ -914,12 +914,27 @@
/* This is an ugly hack that does a lot of assumptions */
if (starttls_proto == PROTO_SMTP)
{
+ int foundit=0;
/* wait for multi-line response to end from SMTP */
do
{
mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
}
while (mbuf_len>3 && mbuf[3]=='-');
+ /* STARTTLS command requires EHLO... */
+ BIO_printf(sbio,"EHLO openssl.client.net\r\n");
+ /* wait for multi-line response to end EHLO SMTP response */
+ do
+ {
+ mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+ if (strstr(mbuf,"STARTTLS"))
+ foundit=1;
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found starttls in server response,"
+ " try anyway...\n");
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
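Review bot: the new EHLO loop calls strstr(mbuf,"STARTTLS") on a buffer that BIO_read has just filled, but BIO_read does not NUL-terminate what it reads and mbuf_len is not checked before the search. strstr can therefore run past the received bytes, match leftovers from the earlier greeting read, or search stale data when BIO_read returns 0 or a negative value. Check mbuf_len > 0 and set mbuf[mbuf_len] = 0 before searching (reading at most BUFSIZZ-1 bytes if mbuf has no spare byte for the terminator). Two smaller points: the exit test mbuf[3]=='-' only looks at the first line of each read, so a multi-line 250 reply that arrives in a single read still looks unfinished and the loop issues another BIO_read that can block; reading line by line and testing each line's fourth character avoids that. The warning text should read "didn't find STARTTLS", with the capitalisation used in the IMAP branch.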
@@ -931,8 +946,23 @@
}
else if (starttls_proto == PROTO_IMAP)
{
+ int foundit=0;
BIO_read(sbio,mbuf,BUFSIZZ);
- BIO_printf(sbio,"0 STARTTLS\r\n");
+ /* STARTTLS command requires CAPABILITY... */
+ BIO_printf(sbio,". CAPABILITY\r\n");
+ /* wait for multi-line CAPABILITY response */
+ do
+ {
+ mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+ if (strstr(mbuf,"STARTTLS"))
+ foundit=1;
+ }
+ while (mbuf_len>3);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found STARTTLS in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio,". STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
else if (starttls_proto == PROTO_FTP)
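Review bot: the loop condition while (mbuf_len>3) in the IMAP branch has no end-of-response test. The tagged completion line that answers ". CAPABILITY" is itself longer than three bytes, so once the whole response has been read the loop calls BIO_read again and waits for data the server has no reason to send. Terminate on the protocol instead of on read length: stop when a line beginning with the tag ". " has been seen. In the same loop, strstr(mbuf,"STARTTLS") is applied without NUL-terminating mbuf at mbuf_len or checking that the read returned more than 0, so it can match stale bytes from the greeting read or run past the received data; set mbuf[mbuf_len] = 0 after a successful read first. The warning text should read "didn't find STARTTLS".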