Add STARTTLS IRC

... backported from openssl master. Also it reoves one of the BIO_printf "are supported" upon s_client help as there were 2 BIO_printf's "are supported". Adds IRC STARTTLS protocols to the pod file and others which where missing (telnet, ldap, mysql, postgres). PS: doing a fresh start (IRC patch broken)
drwetter · Jan 18, 2019 · 9893b31 · 9893b31
1 parent c9ba19c
commit 9893b31
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 3 deletions.
diff --git a/apps/s_client.c b/apps/s_client.c
@@ -198,6 +198,7 @@ typedef unsigned int u_int;
 
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
+#define S_CLIENT_IRC_READ_TIMEOUT 8
 
 extern int verify_depth;
 extern int verify_error;
@@ -400,7 +401,7 @@ static void sc_usage(void)
                "                 'prot' defines which one to assume.  Currently,\n");
     BIO_printf(bio_err,
                "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\"\n");
-    BIO_printf(bio_err, "                 \"telnet\", \"ldap\", \"mysql\", and \"postgres\" are supported.\n");
+    BIO_printf(bio_err, "                 \"telnet\", \"ldap\", \"mysql\", \"postgres\" and \"irc\"\n");
     BIO_printf(bio_err, "                 are supported.\n");
     BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
 #ifndef OPENSSL_NO_ENGINE
@@ -661,6 +662,7 @@ enum {
     PROTO_LDAP,
     PROTO_POSTGRES,
     PROTO_MYSQL,
+    PROTO_IRC
 };
 
 int MAIN(int, char **);
@@ -1111,6 +1113,8 @@ int MAIN(int argc, char **argv)
                 starttls_proto = PROTO_POSTGRES;
             else if (strcmp(*argv, "mysql") == 0)
                 starttls_proto = PROTO_MYSQL;
+            else if (strcmp(*argv, "irc") == 0)
+                starttls_proto = PROTO_IRC;
             else
                 goto bad;
         }
@@ -1832,7 +1836,68 @@ int MAIN(int argc, char **argv)
                 goto shut;
         }
 
-    if (starttls_proto == PROTO_MYSQL) {
+        if (starttls_proto == PROTO_IRC) {
+            int numeric;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "STARTTLS\r\n");
+            (void)BIO_flush(fbio);
+            width = SSL_get_fd(con) + 1;
+
+            do {
+                numeric = 0;
+
+                FD_ZERO(&readfds);
+                openssl_fdset(SSL_get_fd(con), &readfds);
+                timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
+                timeout.tv_usec = 0;
+                /*
+                 * If the IRCd doesn't respond within
+                 * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
+                 * it doesn't support STARTTLS. Many IRCds
+                 * will not give _any_ sort of response to a
+                 * STARTTLS command when it's not supported.
+                 */
+                if (!BIO_get_buffer_num_lines(fbio)
+                    && !BIO_pending(fbio)
+                    && !BIO_pending(sbio)
+                    && select(width, (void *)&readfds, NULL, NULL,
+                              &timeout) < 1) {
+                    BIO_printf(bio_err,
+                               "Timeout waiting for response (%d seconds).\n",
+                               S_CLIENT_IRC_READ_TIMEOUT);
+                    break;
+                }
+
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
+                    break;
+                /* :example.net 451 STARTTLS :You have not registered */
+                /* :example.net 421 STARTTLS :Unknown command */
+                if ((numeric == 451 || numeric == 421)
+                    && strstr(mbuf, "STARTTLS") != NULL) {
+                    BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                    break;
+                }
+                if (numeric == 691) {
+                    BIO_printf(bio_err, "STARTTLS negotiation failed: ");
+                    ERR_print_errors(bio_err);
+                    break;
+                }
+            } while (numeric != 670);
+
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (numeric != 670) {
+                BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+                ret = 1;
+                goto shut;
+            }
+        }
+
+	if (starttls_proto == PROTO_MYSQL) {
 	/* SSL request packet */
 	static const unsigned char ssl_req[] = {
 	    /* payload_length,   sequence_id */
@@ -1849,6 +1914,7 @@ int MAIN(int argc, char **argv)
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 	};
+
 	int bytes = 0;
 	int ssl_flg = 0x800;
 	int pos;

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
@@ -235,7 +235,8 @@ use the server's cipher preferences; only used for SSLV2.
 
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
+supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "telnet", 
+"ldap", "mysql", "postgres" and "irc".
 
 =item B<-xmpphost hostname>