Add STARTTLS NNTP

... backport from openssl master, added pod file line. Please note the previous version in master was broken and fixed on Dec 17, 2018 (see openssl#7722).
drwetter · Jan 18, 2019 · 33862ce · 33862ce
1 parent 9893b31
commit 33862ce
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/apps/s_client.c b/apps/s_client.c
@@ -400,8 +400,8 @@ static void sc_usage(void)
     BIO_printf(bio_err,
                "                 'prot' defines which one to assume.  Currently,\n");
     BIO_printf(bio_err,
-               "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\"\n");
-    BIO_printf(bio_err, "                 \"telnet\", \"ldap\", \"mysql\", \"postgres\" and \"irc\"\n");
+               "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\", \"telnet\",\n");
+    BIO_printf(bio_err, "                 \"ldap\", \"mysql\", \"postgres\", \"irc\" and \"nntp\"\n");
     BIO_printf(bio_err, "                 are supported.\n");
     BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
 #ifndef OPENSSL_NO_ENGINE
@@ -662,7 +662,8 @@ enum {
     PROTO_LDAP,
     PROTO_POSTGRES,
     PROTO_MYSQL,
-    PROTO_IRC
+    PROTO_IRC,
+    PROTO_NNTP
 };
 
 int MAIN(int, char **);
@@ -1115,6 +1116,8 @@ int MAIN(int argc, char **argv)
                 starttls_proto = PROTO_MYSQL;
             else if (strcmp(*argv, "irc") == 0)
                 starttls_proto = PROTO_IRC;
+            else if (strcmp(*argv, "nntp") == 0)
+		starttls_proto = PROTO_NNTP;
             else
                 goto bad;
         }
@@ -1836,6 +1839,45 @@ int MAIN(int argc, char **argv)
                 goto shut;
         }
 
+        if (starttls_proto == PROTO_NNTP) {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITIES... */
+            BIO_printf(fbio, "CAPABILITIES\r\n");
+            (void)BIO_flush(fbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* no point in trying to parse the CAPABILITIES response if there is none */
+            if (strstr(mbuf, "101") != NULL) {
+                /* wait for multi-line CAPABILITIES response */
+                do {
+                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                    if (strstr(mbuf, "STARTTLS"))
+                        foundit = 1;
+                   } while (mbuf_len > 1 && mbuf[0] != '.');
+            }
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[mbuf_len] = '\0';
+            if (strstr(mbuf, "382") == NULL) {
+                BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+                goto shut;
+            }
+        }
+
         if (starttls_proto == PROTO_IRC) {
             int numeric;
             BIO *fbio = BIO_new(BIO_f_buffer());

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
@@ -236,7 +236,7 @@ use the server's cipher preferences; only used for SSLV2.
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
 supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "telnet", 
-"ldap", "mysql", "postgres" and "irc".
+"ldap", "mysql", "postgres", "irc" and "nntp".
 
 =item B<-xmpphost hostname>