Merge pull request #1575 from horazont/feature/xmpp-server

STARTTLS: add support for xmpp-server
This commit is contained in:
Dirk Wetter 2020-05-01 17:53:34 +02:00 committed by GitHub
commit 2b174821e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 7 deletions

View File

@ -137,7 +137,7 @@ Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won
\fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\. \fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\.
. .
.SS "SPECIAL INVOCATIONS" .SS "SPECIAL INVOCATIONS"
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\. \fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBxmpp-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\.
. .
.P .P
\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\. \fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.

View File

@ -10411,7 +10411,10 @@ starttls_xmpp_dialog() {
debugme echo "=== starting xmpp STARTTLS dialog ===" debugme echo "=== starting xmpp STARTTLS dialog ==="
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 && namespace="jabber:client"
[[ "$STARTTLS_PROTOCOL" == xmpp-server ]] && namespace="jabber:server"
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='"$namespace"' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 &&
starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" '<proceed' 1 starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" '<proceed' 1
local ret=$? local ret=$?
debugme echo "=== finished xmpp STARTTLS dialog with ${ret} ===" debugme echo "=== finished xmpp STARTTLS dialog with ${ret} ==="
@ -10553,7 +10556,7 @@ fd_socket() {
acap|acaps) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595 acap|acaps) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
fatal "ACAP Easteregg: not implemented -- probably never will" $ERR_NOSUPPORT fatal "ACAP Easteregg: not implemented -- probably never will" $ERR_NOSUPPORT
;; ;;
xmpp|xmpps) # XMPP, see https://tools.ietf.org/html/rfc6120 xmpp|xmpps|xmpp-server) # XMPP, see https://tools.ietf.org/html/rfc6120
starttls_xmpp_dialog starttls_xmpp_dialog
# IM observatory: https://xmpp.net , XMPP server directory: https://xmpp.net/directory.php # IM observatory: https://xmpp.net , XMPP server directory: https://xmpp.net/directory.php
;; ;;
@ -18446,7 +18449,7 @@ help() {
"$PROG_NAME [options] <URI>", where [options] is: "$PROG_NAME [options] <URI>", where [options] is:
-t, --starttls <protocol> Does a default run against a STARTTLS enabled <protocol, -t, --starttls <protocol> Does a default run against a STARTTLS enabled <protocol,
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres|mysql> protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|nntp|postgres|mysql>
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed --xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25) --mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
--file/-iL <fname> Mass testing option: Reads one testssl.sh command line per line from <fname>. --file/-iL <fname> Mass testing option: Reads one testssl.sh command line per line from <fname>.
@ -19784,9 +19787,9 @@ determine_service() {
fi fi
case "$protocol" in case "$protocol" in
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp) ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp)
STARTTLS="-starttls $protocol" STARTTLS="-starttls $protocol"
if [[ "$protocol" == xmpp ]]; then if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then
# for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead! # for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
NODEIP="$NODE" NODEIP="$NODE"
if [[ -n "$XMPP_HOST" ]]; then if [[ -n "$XMPP_HOST" ]]; then
@ -20967,7 +20970,7 @@ parse_cmd_line() {
STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")" STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $STARTTLS_PROTOCOL in case $STARTTLS_PROTOCOL in
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|irc|nntp|postgres|mysql) ;; ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|irc|nntp|postgres|mysql) ;;
ftps|smtps|lmtps|pop3s|imaps|xmpps|telnets|ldaps|ircs|nntps|mysqls) ;; ftps|smtps|lmtps|pop3s|imaps|xmpps|telnets|ldaps|ircs|nntps|mysqls) ;;
*) tmln_magenta "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2 *) tmln_magenta "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2
help 1 ;; help 1 ;;