From 8d72476e2b4a00b9702d50e5b57a95ba9c32e41e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 21 Feb 2007 18:20:41 +0000 Subject: [PATCH] Extend SMTP and IMAP protocol handling to perform the required EHLO or CAPABILITY handshake before sending STARTTLS Submitted by: Goetz Babin-Ebell --- CHANGES | 4 ++++ apps/s_client.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 49cdf5dcf5..57d017e426 100644 --- a/CHANGES +++ b/CHANGES @@ -518,6 +518,10 @@ Improve header file function name parsing. [Steve Henson] + *) extend SMTP and IMAP protocol emulation in s_client to use EHLO + or CAPABILITY handshake as required by RFCs. + [Goetz Babin-Ebell] + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] *) Introduce limits to prevent malicious keys being able to diff --git a/apps/s_client.c b/apps/s_client.c index 58e317a1a2..633d110f79 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -914,12 +914,27 @@ re_start: /* This is an ugly hack that does a lot of assumptions */ if (starttls_proto == PROTO_SMTP) { + int foundit=0; /* wait for multi-line response to end from SMTP */ do { mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); + /* STARTTLS command requires EHLO... */ + BIO_printf(sbio,"EHLO openssl.client.net\r\n"); + /* wait for multi-line response to end EHLO SMTP response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3 && mbuf[3]=='-'); + if (!foundit) + BIO_printf(bio_err, + "didn't found starttls in server response," + " try anyway...\n"); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } 
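Review bot: `strstr(mbuf,"STARTTLS")` in the new EHLO loop scans a buffer that `BIO_read` never NUL-terminates, so the search can run over bytes left from an earlier read, or past the end of the buffer when a read returns the full `BUFSIZZ` bytes (assuming `mbuf` is `BUFSIZZ` bytes, which this hunk does not show). The search also runs when `BIO_read` returns 0 or a negative value, so `foundit` can be set from stale data. Read at most `BUFSIZZ-1` bytes and terminate before searching: `if (mbuf_len > 0) { mbuf[mbuf_len] = '\0'; if (strstr(mbuf,"STARTTLS")) foundit=1; }`. The IMAP CAPABILITY loop in the next hunk has the same pattern and needs the same change. The enclosing function starts and ends outside the hunk.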
@@ -931,8 +946,23 @@ re_start: } else if (starttls_proto == PROTO_IMAP) { + int foundit=0; BIO_read(sbio,mbuf,BUFSIZZ); - BIO_printf(sbio,"0 STARTTLS\r\n"); + /* STARTTLS command requires CAPABILITY... */ + BIO_printf(sbio,". CAPABILITY\r\n"); + /* wait for multi-line CAPABILITY response */ + do + { + mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); + if (strstr(mbuf,"STARTTLS")) + foundit=1; + } + while (mbuf_len>3); + if (!foundit) + BIO_printf(bio_err, + "didn't found STARTTLS in server response," + " try anyway...\n"); + BIO_printf(sbio,". STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_FTP) -- GitLab
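Review bot: The CAPABILITY loop's exit test `while (mbuf_len>3)` never looks at the reply content, so it stops only when a read returns three bytes or fewer. Once the server's tagged completion line for `. CAPABILITY` has been read, the next `BIO_read` will probably block on a blocking BIO until the server sends more data or closes the connection. Ending the loop on the tagged reply, for example `while (mbuf_len>3 && mbuf[0]!='.');`, is only reliable if the response is read one line at a time, since a single `BIO_read` may return several lines. Separately, the reply to `. STARTTLS` read into `sbuf` is never inspected and the `BIO_read` return value is discarded, so a server refusal is not reported. The code that follows is outside this hunk.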