Make STARTTLS NNTP work

This commit addresses #179 and implements NNTP via STARTTLS. I did a few tests and it did work so far. However the binary support needs to be done. I backported in my fork of @PeterMosmans tree the section from OpenSSL 1.1.1 -- but it didn't work, see https://github.com/openssl/openssl/issues/7722. I just tried to patch it as I suggested and it worked then. My patch is pushed soon after to https://github.com/drwetter/openssl-1.0.2.bad, however I'll better wait for the official OPenSSL 1.1.1 patch.
2025-01-06 00:39:44 +01:00 · 2018-11-28 16:54:09 +01:00 · 2018-11-28 16:54:09 +01:00 · d2fe7567d3
commit d2fe7567d3
parent e23afb900b
1 changed files with 6 additions and 4 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -9236,9 +9236,6 @@ starttls_xmpp_dialog() {
 starttls_nntp_dialog() {
     debugme echo "=== starting nntp STARTTLS dialog ==="
     starttls_full_read '$^' '^20[01] '                    && debugme echo "received server greeting" &&
-     starttls_just_send 'CAPABILITIES'                     && debugme echo "sent CAPABILITIES" &&
-     starttls_full_read '$^' '^101 '                       &&
-     starttls_full_read '' '^\.$' "^STARTTLS$"             && debugme echo "received server capabilities and checked STARTTLS availability" &&
     starttls_just_send 'STARTTLS'                         && debugme echo "initiated STARTTLS" &&
     starttls_full_read '$^' '^382 '                       && debugme echo "received ack for STARTTLS"
     local ret=$?
@ -16830,7 +16827,7 @@ determine_service() {
               protocol=${1%s}     # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc
          fi
          case "$protocol" in
-               ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql)
+               ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
                    STARTTLS="-starttls $protocol"
                    SNI=""
                    if [[ "$protocol" == xmpp ]]; then
@ -16870,6 +16867,11 @@ determine_service() {
                         if ! "$HAS_LMTP"; then
                              fatal "Your $OPENSSL does not support the \"-starttls lmtp\" option" $ERR_OSSLBIN
                         fi
+                    elif [[ "$protocol" == nntp ]]; then
+                         # Check if openssl version supports lmtp.
+                         if ! "$HAS_NNTP"; then
+                              fatal "Your $OPENSSL does not support the \"-starttls nntp\" option" $ERR_OSSLBIN
+                         fi
                    fi
                    $OPENSSL s_client $(s_client_options "-connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS") 2>$ERRFILE >$TMPFILE </dev/null
                    if [[ $? -ne 0 ]]; then