From: Lutz Jänicke Date: Wed, 21 Feb 2007 18:20:33 +0000 (+0000) Subject: Extend SMTP and IMAP protocol handling to perform the required X-Git-Tag: OpenSSL_0_9_8e~6 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cdb13ae8d03b14ab0799313bd614c7c4de7f2045;p=oweals%2Fopenssl.git Extend SMTP and IMAP protocol handling to perform the required EHLO or CAPABILITY handshake before sending STARTTLS Submitted by: Goetz Babin-Ebell --- diff --git a/CHANGES b/CHANGES index 806049fdc9..252dc31407 100644 --- a/CHANGES +++ b/CHANGES @@ -39,6 +39,10 @@ Improve header file function name parsing. [Steve Henson] + *) extend SMTP and IMAP protocol emulation in s_client to use EHLO + or CAPABILITY handshake as required by RFCs. + [Goetz Babin-Ebell] + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] *) Introduce limits to prevent malicious keys being able to diff --git a/apps/s_client.c b/apps/s_client.c index 09a835e618..18044809d6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -735,12 +735,27 @@ re_start: /* This is an ugly hack that does a lot of assumptions */ if (starttls_proto == PROTO_SMTP) { + int foundit=0; /* wait for multi-line response to end from SMTP */ do { mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); + /* STARTTLS command requires EHLO... */ + BIO_printf(sbio,"EHLO openssl.client.net\r\n"); + /* wait for multi-line response to end EHLO SMTP response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3 && mbuf[3]=='-'); + if (!foundit) + BIO_printf(bio_err, + "didn't found starttls in server response," + " try anyway...\n"); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } 
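Review bot: In the new EHLO loop, `strstr(mbuf,"STARTTLS")` runs on a buffer that `BIO_read` fills without writing a terminating NUL, and it runs even when `mbuf_len` is zero or negative. After a full BUFSIZZ read the search can run past the end of mbuf, and after a short or failed read it can match bytes left over from an earlier response, so `foundit` may be set from stale data. Reading one byte less and terminating before the search avoids both: `mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ-1);` followed by `if (mbuf_len > 0) { mbuf[mbuf_len] = '\0'; if (strstr(mbuf,"STARTTLS")) foundit=1; }` (this assumes mbuf holds BUFSIZZ bytes; its allocation is outside the hunk). The IMAP CAPABILITY loop in the next hunk repeats the same pattern and needs the same change. The enclosing function starts and ends outside the hunk.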
@@ -752,8 +767,23 @@ re_start: } else if (starttls_proto == PROTO_IMAP) { + int foundit=0; BIO_read(sbio,mbuf,BUFSIZZ); - BIO_printf(sbio,"0 STARTTLS\r\n"); + /* STARTTLS command requires CAPABILITY... */ + BIO_printf(sbio,". CAPABILITY\r\n"); + /* wait for multi-line CAPABILITY response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3); + if (!foundit) + BIO_printf(bio_err, + "didn't found STARTTLS in server response," + " try anyway...\n"); + BIO_printf(sbio,". STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_FTP)
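Review bot: The CAPABILITY loop exits only when a read returns three bytes or fewer (`while (mbuf_len>3)`), so nothing ties its end to the server's tagged completion line for the `.` tag. Once the capability data and the completion line have arrived, the next `BIO_read` presumably blocks until the server times out or closes the connection, and `. STARTTLS` is not sent while the session is still usable. The condition should stop on the tagged reply, for example `while (mbuf_len>3 && mbuf[0]!='.');`, and reading line by line would make that check reliable, since one `BIO_read` can return the untagged data and the tagged line in the same chunk. The enclosing if/else chain continues outside the hunk.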