I did this
RFC5321 states that " Although EHLO keywords may be specified in upper, lower, or mixedcase, they MUST always be recognized and processed in a case-insensitive manner. " (src)
curl does not do this, and works with only uppercase:
|
if(len >= 8 && !memcmp(line, "STARTTLS", 8)) |
|
smtpc->tls_supported = TRUE; |
|
|
|
/* Does the server support the SIZE capability? */ |
|
else if(len >= 4 && !memcmp(line, "SIZE", 4)) |
|
smtpc->size_supported = TRUE; |
|
|
|
/* Does the server support the UTF-8 capability? */ |
|
else if(len >= 8 && !memcmp(line, "SMTPUTF8", 8)) |
|
smtpc->utf8_supported = TRUE; |
|
|
|
/* Does the server support authentication? */ |
|
else if(len >= 5 && !memcmp(line, "AUTH ", 5)) { |
|
smtpc->auth_supported = TRUE; |
|
|
|
/* Advance past the AUTH keyword */ |
|
line += 5; |
|
len -= 5; |
|
|
|
/* Loop through the data line */ |
|
for(;;) { |
|
size_t llen; |
|
size_t wordlen; |
|
unsigned short mechbit; |
|
|
|
while(len && |
|
(*line == ' ' || *line == '\t' || |
|
*line == '\r' || *line == '\n')) { |
|
|
|
line++; |
|
len--; |
|
} |
|
|
|
if(!len) |
|
break; |
|
|
|
/* Extract the word */ |
|
for(wordlen = 0; wordlen < len && line[wordlen] != ' ' && |
|
line[wordlen] != '\t' && line[wordlen] != '\r' && |
|
line[wordlen] != '\n';) |
|
wordlen++; |
|
|
|
/* Test the word for a matching authentication mechanism */ |
|
mechbit = Curl_sasl_decode_mech(line, wordlen, &llen); |
|
if(mechbit && llen == wordlen) |
|
smtpc->sasl.authmechs |= mechbit; |
|
|
|
line += wordlen; |
|
len -= wordlen; |
|
} |
|
} |
|
|
|
if(smtpcode != 1) { |
|
if(data->set.use_ssl && !Curl_conn_is_ssl(data->conn, FIRSTSOCKET)) { |
|
/* We do not have an SSL/TLS connection yet, but SSL is requested */ |
|
if(smtpc->tls_supported) |
|
/* Switch to TLS connection now */ |
|
result = smtp_perform_starttls(data, smtpc); |
|
else if(data->set.use_ssl == CURLUSESSL_TRY) |
|
/* Fallback and carry on with authentication */ |
|
result = smtp_perform_authentication(data, smtpc); |
|
else { |
|
failf(data, "STARTTLS not supported."); |
|
result = CURLE_USE_SSL_FAILED; |
|
} |
which means if a server advertises for e.g. STARTTLS as starttls, it is skipped (sad-face).
I expected the following
starttls to work when the server advertises it in lowercase
curl/libcurl version
curl 8.2.0
operating system
All of them
I did this
RFC5321 states that " Although EHLO keywords may be specified in upper, lower, or mixedcase, they MUST always be recognized and processed in a case-insensitive manner. " (src)
curl does not do this, and works with only uppercase:
curl/lib/smtp.c
Lines 992 to 1056 in af7d67d
I expected the following
starttls to work when the server advertises it in lowercase
curl/libcurl version
curl 8.2.0
operating system
All of them