Lutz Jaenicke wrote:
> Goetz Babin-Ebell wrote:
[...]
>> * in SMTP doing a STARTTLS without previous EHLO
>>   will return a
>>   503 STARTTLS command used when not advertised
>> * in IMAP doing a STARTTLS requires a
>>   . CAPABILITY
>>   first.
>>
>> In both cases the server response should be parsed for
>> the string "STARTTLS"...
>>
> This statement is technically correct. As the s_client tool is however
> intended for testing purposes only (you remember that a capital
> "R" at the beginning of the line will start a renegotiation instead
> of being transferred to the server :-) adding the EHLO and .CAPABILITY
> should be sufficient and the more complex parsing of the response
> might be omitted...

Do you want something like the attached patch? (untested, I'm off to bed...)

Bye

Goetz

Index: apps/s_client.c =================================================================== RCS file: /home/gbe/data/cvs/openssl/openssl/apps/s_client.c,v retrieving revision 1.100 diff -u -r1.100 s_client.c --- apps/s_client.c 18 Feb 2007 18:21:57 -0000 1.100 +++ apps/s_client.c 20 Feb 2007 01:47:50 -0000 @@ -914,12 +914,27 @@ /* This is an ugly hack that does a lot of assumptions */ if (starttls_proto == PROTO_SMTP) { + int foundit=0; /* wait for multi-line response to end from SMTP */ do { mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); + /* STARTTLS command requires EHLO... */ + BIO_printf(sbio,"EHLO openssl.client.net\r\n"); + /* wait for multi-line response to end EHLO SMTP response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3 && mbuf[3]=='-'); + if (!foundit) + BIO_printf(bio_err, + "didn't found starttls in server response," + " try anyway...\n"); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } @@ -931,8 +946,23 @@ } else if (starttls_proto == PROTO_IMAP) { + int foundit=0; BIO_read(sbio,mbuf,BUFSIZZ); - BIO_printf(sbio,"0 STARTTLS\r\n"); + /* STARTTLS command requires CAPABILITY... */ + BIO_printf(sbio,". CAPABILITY\r\n"); + /* wait for multi-line CAPABILITY response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3); + if (!foundit) + BIO_printf(bio_err, + "didn't found STARTTLS in server response," + " try anyway...\n"); + BIO_printf(sbio,". STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_FTP)
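
Review bot: In the new EHLO read loop of the SMTP hunk, `strstr(mbuf,"STARTTLS")` runs on a buffer that `BIO_read` has just filled, and `BIO_read` does not NUL-terminate its output, so the search can run past the bytes actually received; it also runs when `mbuf_len` is 0 or negative. Check `mbuf_len > 0` first, leave room for a terminator in the read, and set `mbuf[mbuf_len]=0` before searching. The loop condition `mbuf[3]=='-'` looks only at the first line of each read, so a reply that is split or coalesced across reads can end the loop early or late. The message text should read "didn't find STARTTLS", and the hard-coded EHLO name `openssl.client.net` deserves a comment saying it is a placeholder.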
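
Review bot: The CAPABILITY read loop in the IMAP hunk ends on `while (mbuf_len>3)`, which is not an end-of-response test: when the whole reply arrives in one read, the next `BIO_read` blocks waiting for data the server has no reason to send, and the loop only exits on a read of three bytes or fewer. Stop once the tagged completion line for the `.` tag has been seen (a line beginning `. OK`, `. NO` or `. BAD`) or when `BIO_read` returns 0 or less. `strstr(mbuf,"STARTTLS")` here is also called on a buffer that `BIO_read` does not NUL-terminate, so terminate the received data before searching. "didn't found" should be "didn't find".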
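
The message above says the server response "should be parsed for the string STARTTLS". As an added example (not part of the patch and not OpenSSL code), one way to do that for SMTP is to walk a fully buffered EHLO reply line by line instead of substring-matching a raw read buffer. The function name `ehlo_advertises` and the sample replies are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Added example (hypothetical helper, not OpenSSL code).
 * Scans a fully buffered EHLO reply ("250-text\r\n" ... "250 text\r\n")
 * for an extension keyword. Returns 1 if advertised, 0 if the reply is
 * complete and lacks it, -1 if incomplete, malformed or not a 250 reply. */
int ehlo_advertises(const char *buf, size_t len, const char *keyword)
{
    size_t klen = strlen(keyword), pos = 0;
    int found = 0, first = 1;

    while (pos < len) {
        const char *line = buf + pos;
        const char *eol = memchr(line, '\n', len - pos);
        size_t llen;

        if (eol == NULL)
            return -1;                  /* last line not terminated yet */
        llen = (size_t)(eol - line);
        pos += llen + 1;
        if (llen > 0 && line[llen - 1] == '\r')
            llen--;
        if (llen < 4 || memcmp(line, "250", 3) != 0 ||
            (line[3] != '-' && line[3] != ' '))
            return -1;                  /* e.g. the 503 quoted above */
        /* Line 1 is the server greeting, so keywords start at line 2. */
        if (!first && llen - 4 >= klen &&
            strncasecmp(line + 4, keyword, klen) == 0 &&
            (llen - 4 == klen || line[4 + klen] == ' '))
            found = 1;
        first = 0;
        if (line[3] == ' ')
            return found;               /* final line of the reply */
    }
    return -1;                          /* no final "250 " line seen */
}

/* Constructed sample replies. */
static const char with_tls[] = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n";
static const char greeting_only[] = "250-mail.example.test STARTTLS is disabled\r\n250 8BITMIME\r\n";

int main(void)
{
    printf("%d %d\n",
           ehlo_advertises(with_tls, strlen(with_tls), "STARTTLS"),
           ehlo_advertises(greeting_only, strlen(greeting_only), "STARTTLS"));
    return 0;
}
```

A return of -1 on a short buffer tells the caller to read more before deciding, which is the case a single check of `mbuf[3]` per read cannot distinguish.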