Make STARTTLS NNTP work
This commit addresses #179 and implements NNTP via STARTTLS. I did a few tests and it has worked so far. However, the binary support still needs to be done. I backported the section from OpenSSL 1.1.1 into my fork of @PeterMosmans' tree -- but it didn't work, see https://github.com/openssl/openssl/issues/7722. I just tried to patch it as I suggested, and it worked then. My patch will be pushed soon after to https://github.com/drwetter/openssl-1.0.2.bad; however, I'd better wait for the official OpenSSL 1.1.1 patch.
parent
e23afb900b
commit
d2fe7567d3
10
testssl.sh
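--- a/testssl.sh
+++ b/testssl.sh
@@ -9236,9 +9236,6 @@ starttls_xmpp_dialog() {
 starttls_nntp_dialog() {
 debugme echo "=== starting nntp STARTTLS dialog ==="
 starttls_full_read '$^' '^20[01] ' && debugme echo "received server greeting" &&
-starttls_just_send 'CAPABILITIES' && debugme echo "sent CAPABILITIES" &&
-starttls_full_read '$^' '^101 ' &&
-starttls_full_read '' '^\.$' "^STARTTLS$" && debugme echo "received server capabilities and checked STARTTLS availability" &&
 starttls_just_send 'STARTTLS' && debugme echo "initiated STARTTLS" &&
 starttls_full_read '$^' '^382 ' && debugme echo "received ack for STARTTLS"
 local ret=$?
@@ -16830,7 +16827,7 @@ determine_service() {
 protocol=${1%s} # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc
 fi
 case "$protocol" in
-ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql)
+ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
 STARTTLS="-starttls $protocol"
 SNI=""
 if [[ "$protocol" == xmpp ]]; then
@@ -16870,6 +16867,11 @@ determine_service() {
 if ! "$HAS_LMTP"; then
 fatal "Your $OPENSSL does not support the \"-starttls lmtp\" option" $ERR_OSSLBIN
 fi
+elif [[ "$protocol" == nntp ]]; then
+# Check if openssl version supports lmtp.
+if ! "$HAS_NNTP"; then
+fatal "Your $OPENSSL does not support the \"-starttls nntp\" option" $ERR_OSSLBIN
+fi
 fi
 $OPENSSL s_client $(s_client_options "-connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS") 2>$ERRFILE >$TMPFILE </dev/null
 if [[ $? -ne 0 ]]; then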
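Review bot: In the new `elif [[ "$protocol" == nntp ]]` branch of determine_service(), `if ! "$HAS_NNTP"` runs the variable's value as a command, yet none of the three hunks in this commit declares or sets HAS_NNTP. If it is not initialised elsewhere in testssl.sh, the expansion is empty, the command fails, and every nntp STARTTLS scan stops at the fatal message even when the binary does support it. I would expect it to default to `false` next to the other HAS_* globals and to be set to `true` only after probing the openssl binary, presumably the same way HAS_LMTP is handled. The comment copied into the branch should also read `# Check if openssl version supports nntp.` instead of `lmtp`. determine_service() begins and ends outside the hunks shown.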