From d2fe7567d322fc6e7e747890346c73cdd9e8535e Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 28 Nov 2018 16:54:09 +0100
Subject: [PATCH] Make STARTTLS NNTP work

This commit addresses #179 and implements NNTP via STARTTLS. I did a few tests and it did work so far. However the binary support needs to be done. I backported in my fork of @PeterMosmans tree the section from OpenSSL 1.1.1 -- but it didn't work, see https://github.com/openssl/openssl/issues/7722. I just tried to patch it as I suggested and it worked then. My patch is pushed soon after to https://github.com/drwetter/openssl-1.0.2.bad, however I'll better wait for the official OPenSSL 1.1.1 patch.
---
 testssl.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 4fd6395..ee6f1a3 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -9236,9 +9236,6 @@ starttls_xmpp_dialog() {
 starttls_nntp_dialog() {
 debugme echo "=== starting nntp STARTTLS dialog ==="
 starttls_full_read '$^' '^20[01] ' && debugme echo "received server greeting" &&
- starttls_just_send 'CAPABILITIES' && debugme echo "sent CAPABILITIES" &&
- starttls_full_read '$^' '^101 ' &&
- starttls_full_read '' '^\.$' "^STARTTLS$" && debugme echo "received server capabilities and checked STARTTLS availability" &&
 starttls_just_send 'STARTTLS' && debugme echo "initiated STARTTLS" &&
 starttls_full_read '$^' '^382 ' && debugme echo "received ack for STARTTLS"
 local ret=$?
@@ -16830,7 +16827,7 @@ determine_service() {
 protocol=${1%s} # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc
 fi
 case "$protocol" in
- ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql)
+ ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
 STARTTLS="-starttls $protocol"
 SNI=""
 if [[ "$protocol" == xmpp ]]; then
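Review bot: The rewritten dialog sends STARTTLS without first confirming that the server advertises it, so the `'^382 '` match on the reply is now the only thing separating "STARTTLS supported" from "command rejected"; a server that does not offer the extension would presumably answer with a 5xx and the dialog then fails the same way a transport problem does. That is a defensible choice for a scanner, but neither the hunk nor the commit message records why the CAPABILITIES gate was dropped (possibly the multi-line capability read mis-parsed on some servers), and without that context a later maintainer may well put it back. A comment above the STARTTLS send such as `# CAPABILITIES is deliberately not queried first: STARTTLS is sent unconditionally and the 382 reply (RFC 4642) is the sole success gate` would preserve the intent. The body of starttls_nntp_dialog() continues past the end of this hunk.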
@@ -16870,6 +16867,11 @@ determine_service() {
 if ! "$HAS_LMTP"; then
 fatal "Your $OPENSSL does not support the \"-starttls lmtp\" option" $ERR_OSSLBIN
 fi
+ elif [[ "$protocol" == nntp ]]; then
+ # Check if openssl version supports lmtp.
+ if ! "$HAS_NNTP"; then
+ fatal "Your $OPENSSL does not support the \"-starttls nntp\" option" $ERR_OSSLBIN
+ fi
 fi
 $OPENSSL s_client $(s_client_options "-connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS") 2>$ERRFILE >$TMPFILE
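Review bot: The comment on the new `elif` branch was carried over from the lmtp case and names the wrong protocol; it should read `# Check if openssl version supports nntp.` so a reader does not suspect the guard itself is a paste error. The guard depends on `$HAS_NNTP` being populated by the openssl capability probe elsewhere in the file, which this diff does not touch; if that variable were never set, `if ! "$HAS_NNTP"` would try to run an empty command name and the branch would fail closed into `fatal`, which is tolerable but worth confirming against the probe. The message and the `$ERR_OSSLBIN` exit code mirror the sibling lmtp branch exactly, which keeps error handling consistent. determine_service() starts and ends outside this hunk.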