Bug#221689: [Pkg-openssl-devel] Bug#221689: Checking the existence of the bug.

Kurt Roeckx kurt at roeckx.be
Tue Aug 1 16:03:30 UTC 2006


On Mon, Jul 31, 2006 at 11:57:09PM +0100, James Westby wrote:
> On (01/08/06 00:06), Artur R. Czechowski wrote:
> > You can check the existence of the bug using any exim4 server. Currently
> > master.debian.org suits well:
> > 
> > arturcz at blabluga:~$ openssl s_client -starttls smtp -ssl2 -connect master.debian.org:25 -debug
> > CONNECTED(00000003)
> > read from 0x80cf1f8 [0x80b9d78] (8192 bytes => 71 (0x47))
> > 0000 - 32 32 30 20 6d 61 73 74-65 72 2e 64 65 62 69 61   220 master.debia
> > 0010 - 6e 2e 6f 72 67 20 45 53-4d 54 50 20 45 78 69 6d   n.org ESMTP Exim
> > 0020 - 20 34 2e 35 30 20 4d 6f-6e 2c 20 33 31 20 4a 75    4.50 Mon, 31 Ju
> > 0030 - 6c 20 32 30 30 36 20 31-37 3a 30 33 3a 35 37 20   l 2006 17:03:57
> > 0040 - 2d 30 35 30 30 0d 0a                              -0500..
> > write to 0x80cf1f8 [-0x40611278] (10 bytes => 10 (0xA))
> > 0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
> > read from 0x80cf1f8 [0x80b7d70] (8192 bytes => 47 (0x2F))
> > 0000 - 35 30 33 20 53 54 41 52-54 54 4c 53 20 63 6f 6d   503 STARTTLS com
> > 0010 - 6d 61 6e 64 20 75 73 65-64 20 77 68 65 6e 20 6e   mand used when n
> > 0020 - 6f 74 20 61 64 76 65 72-74 69 73 65 64 0d 0a      ot advertised..
> > write to 0x80cf1f8 [0x80c5e91] (48 bytes => 48 (0x30))
> > 0000 - 80 2e 01 00 02 00 15 00-00 00 10 07 00 c0 03 00   ................
> > 0010 - 80 01 00 80 08 00 80 06-00 40 04 00 80 02 00 80   ......... at ......
> > 0020 - 39 e3 e3 94 2c 71 3e 8d-75 10 32 16 df e0 69 4e   9...,q>.u.2...iN
> > 
> 
> It is marked as wishlist as this is by design really. 
> 
> openssl cannot know how to speak every protocol, and know when to send
> STARTTLS for each, so it just does it at the start. 

But it does support 2 protocols, smtp and pop3.  It just doesn't
support them very well.  I'm not familiar enough with the smtp
protocol to know when you can send STARTTLS.  exim4 above
claims it wasn't advertised.  So I wonder when it gets
advertised, and whether it supports it or not.

> There is a link in the bug report explaining the problem.
> 
> So you are asking one of two things really
> 
> 1) Learn to speak every protocol that might use STARTTLS (at least
> starting with SMTP)
> 
> 2) Implement a way to tell openssl when to send STARTTLS.

I am currently of the opinion that the best option for that is
that the user has to type "STARTTLS" himself.


Kurt
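To show the dialogue exim4 expects before it accepts STARTTLS, here is an added Python example (not part of the bug report, of OpenSSL, or of exim4): it reads the greeting, sends EHLO, sends STARTTLS only if the EHLO reply advertises it, and hands the socket to TLS after the 220. The host name `client.example` and any server transcript fed to `simulate()` are constructed.

```python
import io
import socket
import ssl

class SMTPError(Exception): pass

def read_reply(rfile):
    """Read one SMTP reply; "250-X" lines continue it, "250 X" ends it."""
    texts = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise SMTPError("malformed or missing reply: %r" % line)
        texts.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), texts

def ehlo_advertises_starttls(texts):
    """The first EHLO line is the greeting; the rest are capability keywords."""
    return any(t.split()[0].upper() == "STARTTLS" for t in texts[1:] if t.strip())

def negotiate_starttls(rfile, wfile, helo_name=b"client.example"):
    """Plaintext dialogue: greeting, EHLO, capability check, STARTTLS, 220."""
    if read_reply(rfile)[0] != 220:
        raise SMTPError("unexpected greeting")
    wfile.write(b"EHLO " + helo_name + b"\r\n")  # helo_name is a constructed value
    wfile.flush()
    code, texts = read_reply(rfile)
    if code != 250:
        raise SMTPError("EHLO rejected: %d %s" % (code, texts))
    if not ehlo_advertises_starttls(texts):
        raise SMTPError("STARTTLS not advertised; not sending it")
    wfile.write(b"STARTTLS\r\n")
    wfile.flush()
    code, reply = read_reply(rfile)
    if code != 220:
        raise SMTPError("STARTTLS refused: %d %s" % (code, reply))
    return texts  # the caller now starts the TLS handshake on the raw socket

def simulate(server_bytes):
    """Offline run against a constructed server transcript -> (keywords, client bytes)."""
    wfile = io.BytesIO()
    return negotiate_starttls(io.BytesIO(server_bytes), wfile), wfile.getvalue()

def connect_starttls(host, port=25):
    """Live use; the unbuffered reader ensures no TLS handshake bytes are pre-read."""
    sock = socket.create_connection((host, port))
    negotiate_starttls(sock.makefile("rb", buffering=0), sock.makefile("wb"))
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)
```

Against a server whose EHLO reply lacks STARTTLS, `negotiate_starttls` stops before sending the command, which is exactly the step s_client skips when it emits STARTTLS before EHLO and gets the 503 shown above.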