Hi everyone,

I ran into a missing feature of the openssl s_client tool. I wanted to test an LDAP StartTLS connection from the command line, but the LDAP starttls option was not implemented (yet). So I took the chance to write a patch.

#> openssl s_client -starttls ldap -connect localhost:389

Comments are more than welcome!


Cheers,
Alex
diff -Nur openssl-original/apps/s_client.c openssl/apps/s_client.c
--- openssl-original/apps/s_client.c	2012-09-27 10:45:09.175327999 +0200
+++ openssl/apps/s_client.c	2012-09-28 15:07:38.298329407 +0200
@@ -349,8 +349,8 @@
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
-	BIO_printf(bio_err,"                 are supported.\n");
+	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and\n");
+	BIO_printf(bio_err,"                 \"ldap\" are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
@@ -552,7 +552,8 @@
 	PROTO_POP3,
 	PROTO_IMAP,
 	PROTO_FTP,
-	PROTO_XMPP
+	PROTO_XMPP,
+	PROTO_LDAP
 };
 
 int MAIN(int, char **);
@@ -950,6 +951,8 @@
 				starttls_proto = PROTO_FTP;
 			else if (strcmp(*argv, "xmpp") == 0)
 				starttls_proto = PROTO_XMPP;
+			else if (strcmp(*argv, "ldap") == 0)
+				starttls_proto = PROTO_LDAP;
 			else
 				goto bad;
 			}
@@ -1580,6 +1583,30 @@
 			goto shut;
 		mbuf[0] = 0;
 		}
+	if (starttls_proto == PROTO_LDAP)
+		{
+		char *ldap_tls_genconf= "asn1=SEQUENCE:LDAPMessage\n"
+					"[LDAPMessage]\n"
+					"messageID=INTEGER:1\n"
+					"extendedReq=EXPLICIT:23A,IMPLICIT:0C,FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+		long errline;
+		char *genstr;
+		ASN1_TYPE *atyp = NULL;
+		CONF *cnf = NCONF_new(NULL);
+		BIO *ldapbio = BIO_new(BIO_s_mem());
+
+		BIO_puts(ldapbio, ldap_tls_genconf);
+		NCONF_load_bio(cnf, ldapbio, &errline);
+		genstr = NCONF_get_string(cnf, "default", "asn1");
+		atyp = ASN1_generate_nconf(genstr, cnf);
+
+		BIO_printf(sbio, (const char *) atyp->value.sequence->data, host);
+		BIO_read(sbio,sbuf,BUFSIZZ);
+
+		BIO_free(ldapbio);
+		NCONF_free(cnf);
+		ASN1_TYPE_free(atyp);
+		}
 
 	for (;;)
 		{
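Review bot: The DER-encoded ExtendedRequest is sent with `BIO_printf(sbio, (const char *) atyp->value.sequence->data, host)`, i.e. binary data used as a printf format string: the encoding is treated as a NUL-terminated C string, any `%` or 0x00 byte in it would corrupt or truncate the message (the current fixed OID/messageID happens to contain neither), and the `host` argument is never consumed by the format. The exact bytes should go out by length, `BIO_write(sbio, atyp->value.sequence->data, atyp->value.sequence->length);`. None of `NCONF_load_bio`, `NCONF_get_string` or `ASN1_generate_nconf` (nor `NCONF_new`/`BIO_new`) is checked, so a failure dereferences a NULL `atyp`. The server's ExtendedResponse is read into `sbuf` and discarded, whereas the handler just above this block ends in `goto shut` on failure; a short/failed read or a non-success resultCode here still falls through to the TLS handshake, so the response should be decoded and resultCode required to be 0 (success) before continuing, and the error path must release `cnf`, `ldapbio` and `atyp` rather than jumping over the frees. The enclosing `MAIN` continues outside the hunk, and `ldap_tls_genconf` can be `static const char *` since it is never modified.
```c
		if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0
		    || (genstr = NCONF_get_string(cnf, "default", "asn1")) == NULL
		    || (atyp = ASN1_generate_nconf(genstr, cnf)) == NULL)
			{
			BIO_printf(bio_err, "Error building LDAP StartTLS request\n");
			ERR_print_errors(bio_err);
			BIO_free(ldapbio);
			NCONF_free(cnf);
			goto shut;
			}
		/* DER is binary, not a C string: send it by length, never as a printf format. */
		BIO_write(sbio, atyp->value.sequence->data, atyp->value.sequence->length);
		BIO_free(ldapbio);
		NCONF_free(cnf);
		ASN1_TYPE_free(atyp);
		/* TODO: decode the ExtendedResponse and require resultCode == 0 (success) before starting TLS. */
		if (BIO_read(sbio, sbuf, BUFSIZZ) <= 0)
			goto shut;
```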
