Hi everyone,
I stumbled over a missing feature of the openssl s_client tool. I wanted
to check a LDAP TLS connection over the cli, but the ldap starttls
option was not implemented (yet). So I took the chance to write a patch.
#> openssl s_client -starttls ldap -connect localhost:389
Comments are more than welcome!
Cheers,
Alex
diff -Nur openssl-original/apps/s_client.c openssl/apps/s_client.c
--- openssl-original/apps/s_client.c 2012-09-27 10:45:09.175327999 +0200
+++ openssl/apps/s_client.c 2012-09-28 15:07:38.298329407 +0200
@@ -349,8 +349,8 @@
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
- BIO_printf(bio_err," are supported.\n");
+ BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and\n");
+ BIO_printf(bio_err," \"ldap\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@@ -552,7 +552,8 @@
PROTO_POP3,
PROTO_IMAP,
PROTO_FTP,
- PROTO_XMPP
+ PROTO_XMPP,
+ PROTO_LDAP
};
int MAIN(int, char **);
@@ -950,6 +951,8 @@
starttls_proto = PROTO_FTP;
else if (strcmp(*argv, "xmpp") == 0)
starttls_proto = PROTO_XMPP;
+ else if (strcmp(*argv, "ldap") == 0)
+ starttls_proto = PROTO_LDAP;
else
goto bad;
}
@@ -1580,6 +1583,30 @@
goto shut;
mbuf[0] = 0;
}
+ if (starttls_proto == PROTO_LDAP)
+ {
+ char *ldap_tls_genconf= "asn1=SEQUENCE:LDAPMessage\n"
+ "[LDAPMessage]\n"
+ "messageID=INTEGER:1\n"
+ "extendedReq=EXPLICIT:23A,IMPLICIT:0C,FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+ long errline;
+ char *genstr;
+ ASN1_TYPE *atyp = NULL;
+ CONF *cnf = NCONF_new(NULL);
+ BIO *ldapbio = BIO_new(BIO_s_mem());
+
+ BIO_puts(ldapbio, ldap_tls_genconf);
+ NCONF_load_bio(cnf, ldapbio, &errline);
+ genstr = NCONF_get_string(cnf, "default", "asn1");
+ atyp = ASN1_generate_nconf(genstr, cnf);
+
+ BIO_printf(sbio, (const char *) atyp->value.sequence->data, host);
+ BIO_read(sbio,sbuf,BUFSIZZ);
+
+ BIO_free(ldapbio);
+ NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
+ }
for (;;)
{