protocols: Add support for STARTTLS

bruceg · Apr 19, 2012 · eb902c3 · eb902c3
1 parent 436afd2
commit eb902c3
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 5 deletions.
diff --git a/NEWS b/NEWS
@@ -2,7 +2,7 @@ This file lists all the major user-visible changes to nullmailer.
 -------------------------------------------------------------------------------
 Changes in version 1.10
 
-- Added support for SMTPS (SMTP over SSL/TLS).
+- Added support for SMTPS (SMTP over SSL/TLS) and STARTTLS.
 
 - Added support for auto-detection of login method in SMTP protocol.
 

diff --git a/TODO b/TODO
@@ -2,7 +2,6 @@
 
 - SSL/TLS support:
   - Add certificate verification unless --ssl-insecure
-  - Add support for STARTTLS
 
 - Convert all proto modules to use timedout reads.
 

diff --git a/protocols/protocol.cc b/protocols/protocol.cc
@@ -32,6 +32,7 @@ const char* pass = 0;
 int port = 0;
 int auth_method = AUTH_DETECT;
 int use_ssl = 0;
+int use_starttls = 0;
 const char* cli_help_suffix = "";
 const char* cli_args_usage = "remote-address < mail-file";
 const int cli_args_min = 1;
@@ -48,6 +49,8 @@ cli_option cli_options[] = {
 #ifdef HAVE_TLS
   { 0, "ssl", cli_option::flag, 1, &use_ssl,
     "Connect using SSL (on an alternate port by default)", 0 },
+  { 0, "starttls", cli_option::flag, 1, &use_starttls,
+    "Use STARTTLS command", 0 },
 #endif
   {0, 0, cli_option::flag, 0, 0, 0, 0}
 };
@@ -70,7 +73,12 @@ static void plain_send(fdibuf& in, int fd)
   fdobuf netout(fd);
   if (!netin || !netout)
     protocol_fail(ERR_MSG_TEMPFAIL, "Error allocating I/O buffers");
-  protocol_send(in, netin, netout);
+  if (use_starttls) {
+    protocol_starttls(netin, netout);
+    tls_send(in, fd);
+  }
+  else
+    protocol_send(in, netin, netout);
 }
 
 int cli_main(int, char* argv[])
@@ -80,7 +88,7 @@ int cli_main(int, char* argv[])
     port = use_ssl ? default_ssl_port : default_port;
   if (port < 0)
     protocol_fail(ERR_USAGE, "Invalid value for --port");
-  if (use_ssl)
+  if (use_ssl || use_starttls)
     tls_init(remote);
   fdibuf in(0, true);
   protocol_prep(in);

diff --git a/protocols/protocol.h b/protocols/protocol.h
@@ -16,9 +16,11 @@ extern const char* pass;
 extern int auth_method;
 extern int port;
 extern int use_ssl;
+extern int use_starttls;
 
 extern void protocol_prep(fdibuf& in);
 extern void protocol_send(fdibuf& in, fdibuf& netin, fdobuf& netout);
+extern void protocol_starttls(fdibuf& netin, fdobuf& netout);
 
 extern void tls_init(const char* remote);
 extern void tls_send(fdibuf& in, int fd);

diff --git a/protocols/qmqp.cc b/protocols/qmqp.cc
@@ -126,6 +126,13 @@ void protocol_prep(fdibuf& in)
     protocol_fail(ERR_MSG_READ, "Error reading message");
 }
 
+void protocol_starttls(fdibuf& netin, fdobuf& netout)
+{
+  protocol_fail(ERR_USAGE, "QMQP does not support STARTTLS");
+  (void)netin;
+  (void)netout;
+}
+
 void protocol_send(fdibuf& in, fdibuf& netin, fdobuf& netout)
 {
   alarm(60*60);			// Connection must close after an hour

diff --git a/protocols/smtp.cc b/protocols/smtp.cc
@@ -212,10 +212,22 @@ void protocol_prep(fdibuf&)
 {
 }
 
-void protocol_send(fdibuf& in, fdibuf& netin, fdobuf& netout)
+static int did_starttls = 0;
+
+void protocol_starttls(fdibuf& netin, fdobuf& netout)
 {
   smtp conn(netin, netout);
   conn.docmd("", 200);
+  conn.dohelo(true);
+  conn.docmd("STARTTLS", 200);
+  did_starttls = 1;
+}
+
+void protocol_send(fdibuf& in, fdibuf& netin, fdobuf& netout)
+{
+  smtp conn(netin, netout);
+  if (!did_starttls)
+    conn.docmd("", 200);
 
   if (user != 0 && pass != 0) {
     conn.dohelo(true);