Make STARTTLS NNTP work

This commit addresses #179 and implements NNTP via STARTTLS. I did
a few tests and it did work so far.

However the binary support needs to be done. I backported in my
fork of @PeterMosmans tree the section from OpenSSL 1.1.1 -- but
it didn't work, see https://github.com/openssl/openssl/issues/7722.

I just tried to patch it as I suggested and it worked then. My
patch is pushed soon after to https://github.com/drwetter/openssl-1.0.2.bad,
however I'd better wait for the official OpenSSL 1.1.1 patch.
This commit is contained in:
Dirk 2018-11-28 16:54:09 +01:00
parent e23afb900b
commit d2fe7567d3

@ -9236,9 +9236,6 @@ starttls_xmpp_dialog() {
starttls_nntp_dialog() { starttls_nntp_dialog() {
debugme echo "=== starting nntp STARTTLS dialog ===" debugme echo "=== starting nntp STARTTLS dialog ==="
starttls_full_read '$^' '^20[01] ' && debugme echo "received server greeting" && starttls_full_read '$^' '^20[01] ' && debugme echo "received server greeting" &&
starttls_just_send 'CAPABILITIES' && debugme echo "sent CAPABILITIES" &&
starttls_full_read '$^' '^101 ' &&
starttls_full_read '' '^\.$' "^STARTTLS$" && debugme echo "received server capabilities and checked STARTTLS availability" &&
starttls_just_send 'STARTTLS' && debugme echo "initiated STARTTLS" && starttls_just_send 'STARTTLS' && debugme echo "initiated STARTTLS" &&
starttls_full_read '$^' '^382 ' && debugme echo "received ack for STARTTLS" starttls_full_read '$^' '^382 ' && debugme echo "received ack for STARTTLS"
local ret=$? local ret=$?
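Review bot: dropping the CAPABILITIES exchange ahead of `starttls_just_send 'STARTTLS'` removes the only check that the server advertises STARTTLS, and the commit message does not say why. The dialog now relies entirely on `starttls_full_read '$^' '^382 '` failing when the server answers with anything else, so please confirm that a non-382 reply produces a prompt, clear failure rather than a wait for a line that never arrives, and record the reason for the removal in a comment above the function.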
@ -16830,7 +16827,7 @@ determine_service() {
protocol=${1%s} # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc protocol=${1%s} # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc
fi fi
case "$protocol" in case "$protocol" in
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql) ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
STARTTLS="-starttls $protocol" STARTTLS="-starttls $protocol"
SNI="" SNI=""
if [[ "$protocol" == xmpp ]]; then if [[ "$protocol" == xmpp ]]; then
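Review bot: `nntp` is now accepted in the `case "$protocol"` list, but nothing visible in this diff updates the help text or documentation that enumerates the protocols valid for STARTTLS; please add `nntp` there in the same commit. Because `protocol=${1%s}` strips a trailing `s`, `nntps` also reaches this branch, which could be named in the comment on that line next to ftp(s), smtp(s) and pop3(s).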
@ -16870,6 +16867,11 @@ determine_service() {
if ! "$HAS_LMTP"; then if ! "$HAS_LMTP"; then
fatal "Your $OPENSSL does not support the \"-starttls lmtp\" option" $ERR_OSSLBIN fatal "Your $OPENSSL does not support the \"-starttls lmtp\" option" $ERR_OSSLBIN
fi fi
elif [[ "$protocol" == nntp ]]; then
# Check if openssl version supports lmtp.
if ! "$HAS_NNTP"; then
fatal "Your $OPENSSL does not support the \"-starttls nntp\" option" $ERR_OSSLBIN
fi
fi fi
$OPENSSL s_client $(s_client_options "-connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS") 2>$ERRFILE >$TMPFILE </dev/null $OPENSSL s_client $(s_client_options "-connect $NODEIP:$PORT $PROXY $BUGS $STARTTLS") 2>$ERRFILE >$TMPFILE </dev/null
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
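Review bot: the comment in the new `elif [[ "$protocol" == nntp ]]` branch still reads `# Check if openssl version supports lmtp.`, copied from the branch above; it should say nntp. `HAS_NNTP` is also not assigned in any hunk shown here: if it is unset, `"$HAS_NNTP"` expands to an empty command, `! "$HAS_NNTP"` evaluates true, and every NNTP run ends in `fatal`. Please confirm it is initialised and probed in the same place as `HAS_LMTP`.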