Extend SMTP and IMAP protocol handling to perform the required

EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>

diff --git a/CHANGES b/CHANGES
index 49cdf5dcf53e950427aaba21c74e272c32864905..57d017e426bb8397c6b88c4138a3caeb525742d3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -518,6 +518,10 @@
      Improve header file function name parsing.
      [Steve Henson]
 
+  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+     or CAPABILITY handshake as required by RFCs.
+     [Goetz Babin-Ebell]
+
  Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
 
   *) Introduce limits to prevent malicious keys being able to

diff --git a/apps/s_client.c b/apps/s_client.c
index 58e317a1a2a50c0eed6c0f5fa1851bd70feef0b3..633d110f7999f07ff9e5112bbae6ebb46c118f09 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -914,12 +914,27 @@ re_start:
        /* This is an ugly hack that does a lot of assumptions */
        if (starttls_proto == PROTO_SMTP)
                {
+               int foundit=0;
                /* wait for multi-line response to end from SMTP */
                do
                        {
                        mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
                        }
                while (mbuf_len>3 && mbuf[3]=='-');
+               /* STARTTLS command requires EHLO... */
+               BIO_printf(sbio,"EHLO openssl.client.net\r\n");
+               /* wait for multi-line response to end EHLO SMTP response */
+               do
+                       {
+                       mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+                       if (strstr(mbuf,"STARTTLS"))
+                               foundit=1;
+                       }
+               while (mbuf_len>3 && mbuf[3]=='-');
+               if (!foundit)
+                       BIO_printf(bio_err,
+                                  "didn't found starttls in server response,"
+                                  " try anyway...\n");
                BIO_printf(sbio,"STARTTLS\r\n");
                BIO_read(sbio,sbuf,BUFSIZZ);
                }
@@ -931,8 +946,23 @@ re_start:
                }
        else if (starttls_proto == PROTO_IMAP)
                {
+               int foundit=0;
                BIO_read(sbio,mbuf,BUFSIZZ);
-               BIO_printf(sbio,"0 STARTTLS\r\n");
+               /* STARTTLS command requires CAPABILITY... */
+               BIO_printf(sbio,". CAPABILITY\r\n");
+               /* wait for multi-line CAPABILITY response */
+               do
+                       {
+                       mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+                       if (strstr(mbuf,"STARTTLS"))
+                               foundit=1;
+                       }
+               while (mbuf_len>3);
+               if (!foundit)
+                       BIO_printf(bio_err,
+                                  "didn't found STARTTLS in server response,"
+                                  " try anyway...\n");
+               BIO_printf(sbio,". STARTTLS\r\n");
                BIO_read(sbio,sbuf,BUFSIZZ);
                }
        else if (starttls_proto == PROTO_FTP)