Bug#221689: [Pkg-openssl-devel] Bug#221689: Checking the existence of the bug.

James Westby jw+debian at jameswestby.net
Mon Jul 31 22:57:09 UTC 2006


On (01/08/06 00:06), Artur R. Czechowski wrote:
> You can check the existence of the bug using any exim4 server. Currently
> master.debian.org suits well:
> 
> arturcz@blabluga:~$ openssl s_client -starttls smtp -ssl2 -connect master.debian.org:25 -debug
> CONNECTED(00000003)
> read from 0x80cf1f8 [0x80b9d78] (8192 bytes => 71 (0x47))
> 0000 - 32 32 30 20 6d 61 73 74-65 72 2e 64 65 62 69 61   220 master.debia
> 0010 - 6e 2e 6f 72 67 20 45 53-4d 54 50 20 45 78 69 6d   n.org ESMTP Exim
> 0020 - 20 34 2e 35 30 20 4d 6f-6e 2c 20 33 31 20 4a 75    4.50 Mon, 31 Ju
> 0030 - 6c 20 32 30 30 36 20 31-37 3a 30 33 3a 35 37 20   l 2006 17:03:57
> 0040 - 2d 30 35 30 30 0d 0a                              -0500..
> write to 0x80cf1f8 [-0x40611278] (10 bytes => 10 (0xA))
> 0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
> read from 0x80cf1f8 [0x80b7d70] (8192 bytes => 47 (0x2F))
> 0000 - 35 30 33 20 53 54 41 52-54 54 4c 53 20 63 6f 6d   503 STARTTLS com
> 0010 - 6d 61 6e 64 20 75 73 65-64 20 77 68 65 6e 20 6e   mand used when n
> 0020 - 6f 74 20 61 64 76 65 72-74 69 73 65 64 0d 0a      ot advertised..
> write to 0x80cf1f8 [0x80c5e91] (48 bytes => 48 (0x30))
> 0000 - 80 2e 01 00 02 00 15 00-00 00 10 07 00 c0 03 00   ................
> 0010 - 80 01 00 80 08 00 80 06-00 40 04 00 80 02 00 80   .........@......
> 0020 - 39 e3 e3 94 2c 71 3e 8d-75 10 32 16 df e0 69 4e   9...,q>.u.2...iN
> 

It is marked as wishlist as this is by design really. 

openssl cannot know how to speak every protocol, and know when to send
STARTTLS for each, so it just does it at the start. 

There is a link in the bug report explaining the problem.

So you are asking one of two things really:

1) Learn to speak every protocol that might use STARTTLS (at least
starting with SMTP)

2) Implement a way to tell openssl when to send STARTTLS.

Either of these is really wishlist.

As Andreas said, you might like to use gnutls-cli or swaks to test
STARTTLS for SMTP.

James

-- 
  James Westby
  http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
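
The command ordering discussed in this thread, as an added example that is not part of the original messages or of openssl: an SMTP client that reads the greeting, sends EHLO, and issues STARTTLS only when the server advertises it. The server is a constructed stand-in that returns the 503 reply from the transcript; `starttls_reply`, `fake_server`, `demo` and the host names are hypothetical.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply, following "250-" continuation lines."""
    texts = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed mid-reply")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250 text" (no dash) ends the reply
            return int(line[:3]), texts

def starttls_reply(sock, send_ehlo=True, name="client.example"):
    """Return the STARTTLS reply code, or None if it is not advertised."""
    with sock.makefile("rb") as f:
        def cmd(text):
            sock.sendall(text.encode("ascii") + b"\r\n")
            return read_reply(f)
        code, _ = read_reply(f)       # server greeting
        if code != 220:
            raise ConnectionError(f"unexpected greeting {code}")
        if send_ehlo:                 # False reproduces the transcript's ordering
            code, ext = cmd("EHLO " + name)
            keywords = {e.split()[0].upper() for e in ext[1:] if e.split()}
            if code != 250 or "STARTTLS" not in keywords:
                return None
        return cmd("STARTTLS")[0]     # on 220 the caller starts the TLS handshake

def fake_server(conn):
    """Constructed stand-in: refuses STARTTLS before EHLO, as in the transcript."""
    with conn, conn.makefile("rb") as f:
        conn.sendall(b"220 mail.example ESMTP\r\n")
        greeted = False
        for raw in f:
            verb = raw.strip().upper()
            if verb.startswith(b"EHLO"):
                greeted = True
                conn.sendall(b"250-mail.example Hello\r\n250-SIZE 52428800\r\n250 STARTTLS\r\n")
            elif verb == b"STARTTLS":
                conn.sendall(b"220 TLS go ahead\r\n" if greeted else
                             b"503 STARTTLS command used when not advertised\r\n")

def demo(send_ehlo):
    a, b = socket.socketpair()
    threading.Thread(target=fake_server, args=(b,), daemon=True).start()
    with a:
        return starttls_reply(a, send_ehlo)
```

`demo(True)` returns 220 and `demo(False)` returns 503, matching the reply in the quoted session.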




