Goetz Babin-Ebell wrote:
> Lutz Jaenicke wrote:
> > Goetz Babin-Ebell wrote:
> [...]
> >> * in SMTP doing a STARTTLS without previous EHLO
> >> will return a
> >> 503 STARTTLS command used when not advertised
> >> * in IMAP doing a STARTLS requires a
> >> . CAPABILITY
> >> first.
> >>
> >> In both cases the server response should be parsed for
> >> the string "STARTTLS"...
> >>
> > This statement is technically correct. As the s_client tool is however
> > intended for testing purposes only (you remember that a capital
> > "R" at the beginning of the line will start a renegotiation instead
> > of being transferred to the server :-) adding the EHLO and .CAPABILITY
> > should be sufficient and the more complex parsing of the response
> > might be omitted...
>
> Do you want something like the attached patch ?
> (untested, I'm off to bed...)
>
Yes, something like this. I have applied your patch to 0.9.8 and -dev... and
was just going to write "thank you" when I discovered that it does not work.
As I just noted BIO_read() does not work "line by line" but on the message
coming in. This message is the complete multi-line response and it has
to be parsed in a different way as attached as a crude hack.
No: BIO_gets() does not work on here (not supported on "connect BIO".
Yes: all other appearances of multi-line handling are broken as well.
The multi-line handling in the SMTP greeting would fail on the first
host with a multi-line greeting and the other protocol handlers are
as buggy. I have thus left your patch in and we have to decide how to
tackle the other occurances...
Best regards,
Lutz
Index: s_client.c
===================================================================
RCS file: /e/openssl/cvs/openssl/apps/s_client.c,v
retrieving revision 1.76.2.7
diff -u -r1.76.2.7 s_client.c
--- s_client.c 21 Feb 2007 18:20:33 -0000 1.76.2.7
+++ s_client.c 21 Feb 2007 18:53:00 -0000
@@ -735,7 +735,7 @@
/* This is an ugly hack that does a lot of assumptions */
if (starttls_proto == PROTO_SMTP)
{
- int foundit=0;
+ int foundit=0, response_done = 0;
/* wait for multi-line response to end from SMTP */
do
{
@@ -747,11 +747,15 @@
/* wait for multi-line response to end EHLO SMTP response */
do
{
+ int ll;
mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
if (strstr(mbuf,"STARTTLS"))
foundit=1;
+ for (ll = 0; !response_done && ll < mbuf_len - 4; ll++)
+ if (mbuf[ll] == '\n' && mbuf[ll + 3] != '-')
+ response_done = 1;
}
- while (mbuf_len>3 && mbuf[3]=='-');
+ while (mbuf_len>3 && mbuf[3]=='-' && !response_done);
if (!foundit)
BIO_printf(bio_err,
"didn't found starttls in server response,"
