Hello...

I ran into a (probably MS) bug with starttls

openssl version # with RedHat fixes
OpenSSL 0.9.7a Feb 19 2003

RHEL3 U6

and

/openssl version
OpenSSL 0.9.8a 11 Oct 2005



when running a client test against a MS exchange server, s_client
-starttls fails. MS exchange wants a HELO before STARTTLS.

openssl s_client -bugs -CApath /usr/share/ssl/certs/ca-bundle.crt
-port 25 -showcerts -starttls smtp -host ms.exchange.server


openssl s_client -debug # will show


0000 - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
read from 08421608 [084000B8] (8192 bytes => 28 (0x1C))
0000 - 35 30 33 20 35 2e 35 2e-32 20 53 65 6e 64 20 68 503 5.5.2 Send h
0010 - 65 6c 6c 6f 20 66 69 72-73 74 0d 0a ello first..



The following patch allows the connection to work


!!! I AM NOT a C programmer, but I can copy -n paste
!!! example only
--- openssl-0.9.8a/apps/s_client.c 2005-09-30 16:38:19.000000000
-0700
+++ openssl-0.9.8a.chrismcc/apps/s_client.c 2006-02-02
12:48:13.000000000 -0800
@@ -722,6 +722,8 @@
if (starttls_proto == 1)
{
BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"HELO tls.test\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
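Review bot: the two added lines send HELO and read the reply into sbuf, but nothing inspects that reply (nor the STARTTLS reply read on the following line), so a non-250 answer to HELO, or a 503/454 answer to STARTTLS, still falls through to the TLS handshake against a server that is speaking plaintext SMTP. At minimum check that sbuf starts with "250" after the HELO read and with "220" after the STARTTLS read, and bail out otherwise. Two smaller points on the same hunk: the greeting name "tls.test" is hardcoded where the existing code has access to the -host value, and EHLO would be the more natural greeting here since its 250 reply is what tells the client whether STARTTLS is offered at all; with EHLO the reply is multi-line and a single BIO_read of BUFSIZZ may return before the final "250 " line arrives, so the read would need to loop until that line is seen.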




--
Christopher McCrory
"The^W One of the guys that keeps the servers running"

chrismcc@pricegrabber.com
http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
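The greeting-before-STARTTLS sequence the post describes, as an added example that is not code from the post or from OpenSSL: a minimal SMTP client that sends EHLO first, refuses to continue if STARTTLS is not advertised, checks every reply code, and surfaces the "503 5.5.2 Send hello first" reply instead of starting TLS against a plaintext session. The helo name tls.test comes from the post; the ms.exchange.example transcript and function names are constructed for this example.

```python
import io
import socket
import ssl

class SmtpProtocolError(Exception):
    """Raised when the server's replies do not allow TLS to be started."""

def read_reply(rfile):
    """Read one SMTP reply (continuation lines use '250-', the last '250 ')."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise SmtpProtocolError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise SmtpProtocolError("malformed reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines

def negotiate_starttls(rfile, wfile, helo_name):
    """Greet with EHLO before STARTTLS (the step the quoted s_client skipped);
    stop where the TLS handshake may begin and return the advertised capabilities."""
    code, lines = read_reply(rfile)
    if code != 220:
        raise SmtpProtocolError("no 220 banner: %d %s" % (code, lines))
    wfile.write(b"EHLO " + helo_name.encode("ascii") + b"\r\n")
    code, lines = read_reply(rfile)
    if code != 250:
        raise SmtpProtocolError("EHLO rejected: %d %s" % (code, lines))
    caps = [l.split()[0].upper() for l in lines[1:] if l.strip()]
    if "STARTTLS" not in caps:
        raise SmtpProtocolError("STARTTLS not advertised; not continuing in clear")
    wfile.write(b"STARTTLS\r\n")
    code, lines = read_reply(rfile)
    if code != 220:  # e.g. "503 5.5.2 Send hello first" if the greeting were skipped
        raise SmtpProtocolError("STARTTLS refused: %d %s" % (code, " ".join(lines)))
    return caps

def run_transcript(server_bytes, helo_name="tls.test"):
    """Drive negotiate_starttls() offline against a constructed server transcript."""
    wfile = io.BytesIO()
    caps = negotiate_starttls(io.BytesIO(server_bytes), wfile, helo_name)
    return caps, wfile.getvalue()

def connect_and_upgrade(host, port=25, helo_name="tls.test"):
    """Live use: TCP connect, negotiate, then wrap in TLS with chain and hostname checks."""
    sock = socket.create_connection((host, port), timeout=30)
    # unbuffered writer so each command reaches the server without an explicit flush
    caps = negotiate_starttls(sock.makefile("rb"), sock.makefile("wb", buffering=0), helo_name)
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host), caps
```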


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org