openssl supports xmpp in the s_client -starttls option, but that only
works to debug client-to-server connections.
For server-to-server connections, a slight change in the xml
(jabber:server instead of jabber:client) is needed.
I've attached a patch that adds a new protocol, xmpps (for XMPP
server), to the -starttls option, so that s_client can connect to
XMPP s2s server ports.
Patch is against latest openssl 1.0.1 snapshot.
diff -Naur openssl-1.0.1-stable-SNAP-20111120/apps/s_client.c openssl-with-xmpps/apps/s_client.c
--- openssl-1.0.1-stable-SNAP-20111120/apps/s_client.c 2011-11-16 01:00:33.000000000 +0100
+++ openssl-with-xmpps/apps/s_client.c 2011-11-20 16:24:48.320129963 +0100
@@ -537,7 +537,8 @@
PROTO_POP3,
PROTO_IMAP,
PROTO_FTP,
- PROTO_XMPP
+ PROTO_XMPP,
+ PROTO_XMPPS
};
int MAIN(int, char **);
@@ -907,6 +908,8 @@
starttls_proto = PROTO_FTP;
else if (strcmp(*argv, "xmpp") == 0)
starttls_proto = PROTO_XMPP;
+ else if (strcmp(*argv, "xmpps") == 0)
+ starttls_proto = PROTO_XMPPS;
else
goto bad;
}
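Review bot: Documentation for the new `xmpps` keyword is missing from the hunks visible here: the parser now accepts it, but nothing shown touches the help text or the manual page. If s_client's usage message lists the accepted -starttls protocols (not visible on this page), it should gain the new name. The branch would also benefit from a short comment such as `/* XMPP server-to-server: same negotiation as xmpp, but in the jabber:server namespace */`. The enclosing option-parsing block starts and ends outside the hunk.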
@@ -1473,6 +1476,28 @@
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
+ {
+ if (strstr(mbuf, "/stream:features>"))
+ goto shut;
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ }
+ BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ seen = BIO_read(sbio,sbuf,BUFSIZZ);
+ sbuf[seen] = 0;
+ if (!strstr(sbuf, "<proceed"))
+ goto shut;
+ mbuf[0] = 0;
+ }
+ if (starttls_proto == PROTO_XMPPS)
+ {
+ int seen = 0;
+ BIO_printf(sbio,"<stream:stream "
+ "xmlns:stream='http://etherx.jabber.org/streams' "
+ "xmlns='jabber:server' to='%s' version='1.0'>", host);
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
{
if (strstr(mbuf, "/stream:features>"))
goto shut;
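Review bot: The return value of `BIO_read` is used as an array index without being checked at each of the added reads (`mbuf[seen] = 0;` twice and `sbuf[seen] = 0;`). `BIO_read` returns 0 or a negative value when the peer closes the connection or the read fails, so a server that drops the connection mid-negotiation causes a write at `mbuf[-1]`, or, on a return of 0, leaves the `while` loop spinning because its marker can never appear. Add `if (seen <= 0) goto shut;` before each terminator store. A full read of `BUFSIZZ` bytes also puts the terminator at index `BUFSIZZ`, which is in bounds only if the buffers are allocated larger than that (the allocation is not visible here), so passing `BUFSIZZ-1` as the read length would be safer. The context lines show the same pattern in the existing xmpp branch, and the new `PROTO_XMPPS` branch, which continues past the end of the hunk, differs from it only in the `xmlns` value, so handling both protocols in one branch that selects `jabber:client` or `jabber:server` would let the check be fixed in one place.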