Implement s_client starttls protocol sieve.

OK on previous diff concept sthen@ Suggestions, feedback and OK current diff tb@
author: martijn <> 2026-02-01 08:45:31 +0000
committer: martijn <> 2026-02-01 08:45:31 +0000
commit: 9d653fe05875a7749100f123952b96016a687b23 (patch)
tree: 5f046431db62474bbebdf48d7a67ed0dd786c321
parent: 72dd855fafeb3d340672b9815b04ddd4d851c5d4 (diff)
download: openbsd-9d653fe05875a7749100f123952b96016a687b23.tar.gz
openbsd-9d653fe05875a7749100f123952b96016a687b23.tar.bz2
openbsd-9d653fe05875a7749100f123952b96016a687b23.zip
2 files changed, 62 insertions, 4 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index f3e0be15ed..b9eba1a1de 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.168 2025/12/20 07:02:37 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.169 2026/02/01 08:45:31 martijn Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 20 2025 $
+.Dd $Mdocdate: February 1 2026 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -4416,6 +4416,7 @@ is a keyword for the intended protocol.
 Currently, the supported keywords are
 .Qq ftp ,
 .Qq imap ,
+.Qq sieve ,
 .Qq smtp ,
 .Qq pop3 ,
 and
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 84718c19fd..2b05facc17 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.67 2025/01/02 16:07:41 tb Exp $ */
+/* $OpenBSD: s_client.c,v 1.68 2026/02/01 08:45:31 martijn Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -174,6 +174,7 @@ enum {
        PROTO_LMTP,
        PROTO_POP3,
        PROTO_IMAP,
+        PROTO_SIEVE,
        PROTO_FTP,
        PROTO_XMPP,
 };
@@ -335,6 +336,8 @@ s_client_opt_starttls(char *arg)
                cfg.starttls_proto = PROTO_POP3;
        else if (strcmp(arg, "imap") == 0)
                cfg.starttls_proto = PROTO_IMAP;
+        else if (strcmp(arg, "sieve") == 0)
+                cfg.starttls_proto = PROTO_SIEVE;
        else if (strcmp(arg, "ftp") == 0)
                cfg.starttls_proto = PROTO_FTP;
        else if (strcmp(arg, "xmpp") == 0)
@@ -729,7 +732,8 @@ static const struct option s_client_options[] = {
                .name = "starttls",
                .argname = "protocol",
                .desc = "Use the STARTTLS command before starting TLS,\n"
-                        "smtp, lmtp, pop3, imap, ftp and xmpp are supported.",
+                        "smtp, lmtp, pop3, imap, sieve, ftp and xmpp "
+                        "are supported.",
                .type = OPTION_ARG_FUNC,
                .opt.argfunc = s_client_opt_starttls,
        },
@@ -834,6 +838,28 @@ sc_usage(void)
        fprintf(stderr, "\n");
 }
+static int
+s_client_sieve_response_ok(const char *resp, int resplen)
+{
+        /* All lines need to be CRLF terminated */
+        if (resplen <= 2) {
+                BIO_printf(bio_err, "Failed to get full server line\n");
+                return 0;
+        }
+        if (resplen >= 4 && strncasecmp(resp, "OK", 2) == 0 &&
+            (resp[2] == ' ' || resp[2] == '\r'))
+                return 1;
+        if (resplen >= 4 && strncasecmp(resp, "NO", 2) == 0 &&
+            (resp[2] == ' ' || resp[2] == '\r'))
+                BIO_printf(bio_err, "Server rejected our connection\n");
+        else if (resplen >= 5 && strncasecmp(resp, "BYE", 3) == 0 &&
+            (resp[3] == ' ' || resp[3] == '\r'))
+                BIO_printf(bio_err, "Server disconnected our connection\n");
+        else
+                BIO_printf(bio_err, "Server sent invalid response\n");
+        return 0;
+}
 int
 s_client_main(int argc, char **argv)
 {
@@ -1220,6 +1246,37 @@ s_client_main(int argc, char **argv)
                            " try anyway...\n");
                BIO_printf(sbio, ". STARTTLS\r\n");
                BIO_read(sbio, sbuf, BUFSIZZ);
+        } else if (cfg.starttls_proto == PROTO_SIEVE) {
+                int foundit = 0;
+                BIO *fbio;
+                if ((fbio = BIO_new(BIO_f_buffer()))== NULL) {
+                        BIO_printf(bio_err, "Failed to create BIO\n");
+                        goto end;
+                }
+                BIO_push(fbio, sbio);
+                /* wait for multi-line CAPABILITY response */
+                while (1) {
+                        mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                        if (mbuf_len > 2 && mbuf[0] == '"') {
+                                if (strcasecmp(mbuf, "\"STARTTLS\"\r\n") == 0)
+                                        foundit = 1;
+                        } else if (s_client_sieve_response_ok(mbuf, mbuf_len))
+                                break;
+                        else
+                                goto end;
+                }
+                if (!foundit)
+                        BIO_printf(bio_err,
+                            "didn't find STARTTLS in server response,"
+                            " try anyway...\n");
+                BIO_printf(sbio, "STARTTLS\r\n");
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                (void) BIO_flush(fbio);
+                BIO_pop(fbio);
+                BIO_free(fbio);
+                if (!s_client_sieve_response_ok(mbuf, mbuf_len))
+                        goto end;
        } else if (cfg.starttls_proto == PROTO_FTP) {
                BIO *fbio = BIO_new(BIO_f_buffer());
                BIO_push(fbio, sbio);
author	martijn <>	2026-02-01 08:45:31 +0000
committer	martijn <>	2026-02-01 08:45:31 +0000
commit	9d653fe05875a7749100f123952b96016a687b23 (patch)
tree	5f046431db62474bbebdf48d7a67ed0dd786c321
parent	72dd855fafeb3d340672b9815b04ddd4d851c5d4 (diff)
download	openbsd-9d653fe05875a7749100f123952b96016a687b23.tar.gz openbsd-9d653fe05875a7749100f123952b96016a687b23.tar.bz2 openbsd-9d653fe05875a7749100f123952b96016a687b23.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index f3e0be15ed..b9eba1a1de 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.168 2025/12/20 07:02:37 tb Exp $	1	.\" $OpenBSD: openssl.1,v 1.169 2026/02/01 08:45:31 martijn Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -110,7 +110,7 @@
110	.\" copied and put under another distribution licence	110	.\" copied and put under another distribution licence
111	.\" [including the GNU Public Licence.]	111	.\" [including the GNU Public Licence.]
112	.\"	112	.\"
113	.Dd $Mdocdate: December 20 2025 $	113	.Dd $Mdocdate: February 1 2026 $
114	.Dt OPENSSL 1	114	.Dt OPENSSL 1
115	.Os	115	.Os
116	.Sh NAME	116	.Sh NAME
@@ -4416,6 +4416,7 @@ is a keyword for the intended protocol.
4416	Currently, the supported keywords are	4416	Currently, the supported keywords are
4417	.Qq ftp ,	4417	.Qq ftp ,
4418	.Qq imap ,	4418	.Qq imap ,
		4419	.Qq sieve ,
4419	.Qq smtp ,	4420	.Qq smtp ,
4420	.Qq pop3 ,	4421	.Qq pop3 ,
4421	and	4422	and


diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 84718c19fd..2b05facc17 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_client.c,v 1.67 2025/01/02 16:07:41 tb Exp $ */	1	/* $OpenBSD: s_client.c,v 1.68 2026/02/01 08:45:31 martijn Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -174,6 +174,7 @@ enum {
174	PROTO_LMTP,	174	PROTO_LMTP,
175	PROTO_POP3,	175	PROTO_POP3,
176	PROTO_IMAP,	176	PROTO_IMAP,
		177	PROTO_SIEVE,
177	PROTO_FTP,	178	PROTO_FTP,
178	PROTO_XMPP,	179	PROTO_XMPP,
179	};	180	};
@@ -335,6 +336,8 @@ s_client_opt_starttls(char *arg)
335	cfg.starttls_proto = PROTO_POP3;	336	cfg.starttls_proto = PROTO_POP3;
336	else if (strcmp(arg, "imap") == 0)	337	else if (strcmp(arg, "imap") == 0)
337	cfg.starttls_proto = PROTO_IMAP;	338	cfg.starttls_proto = PROTO_IMAP;
		339	else if (strcmp(arg, "sieve") == 0)
		340	cfg.starttls_proto = PROTO_SIEVE;
338	else if (strcmp(arg, "ftp") == 0)	341	else if (strcmp(arg, "ftp") == 0)
339	cfg.starttls_proto = PROTO_FTP;	342	cfg.starttls_proto = PROTO_FTP;
340	else if (strcmp(arg, "xmpp") == 0)	343	else if (strcmp(arg, "xmpp") == 0)
@@ -729,7 +732,8 @@ static const struct option s_client_options[] = {
729	.name = "starttls",	732	.name = "starttls",
730	.argname = "protocol",	733	.argname = "protocol",
731	.desc = "Use the STARTTLS command before starting TLS,\n"	734	.desc = "Use the STARTTLS command before starting TLS,\n"
732	"smtp, lmtp, pop3, imap, ftp and xmpp are supported.",	735	"smtp, lmtp, pop3, imap, sieve, ftp and xmpp "
		736	"are supported.",
733	.type = OPTION_ARG_FUNC,	737	.type = OPTION_ARG_FUNC,
734	.opt.argfunc = s_client_opt_starttls,	738	.opt.argfunc = s_client_opt_starttls,
735	},	739	},
@@ -834,6 +838,28 @@ sc_usage(void)
834	fprintf(stderr, "\n");	838	fprintf(stderr, "\n");
835	}	839	}
836		840
		841	static int
		842	s_client_sieve_response_ok(const char *resp, int resplen)
		843	{
		844	/* All lines need to be CRLF terminated */
		845	if (resplen <= 2) {
		846	BIO_printf(bio_err, "Failed to get full server line\n");
		847	return 0;
		848	}
		849	if (resplen >= 4 && strncasecmp(resp, "OK", 2) == 0 &&
		850	(resp[2] == ' ' \|\| resp[2] == '\r'))
		851	return 1;
		852	if (resplen >= 4 && strncasecmp(resp, "NO", 2) == 0 &&
		853	(resp[2] == ' ' \|\| resp[2] == '\r'))
		854	BIO_printf(bio_err, "Server rejected our connection\n");
		855	else if (resplen >= 5 && strncasecmp(resp, "BYE", 3) == 0 &&
		856	(resp[3] == ' ' \|\| resp[3] == '\r'))
		857	BIO_printf(bio_err, "Server disconnected our connection\n");
		858	else
		859	BIO_printf(bio_err, "Server sent invalid response\n");
		860	return 0;
		861	}
		862
837	int	863	int
838	s_client_main(int argc, char **argv)	864	s_client_main(int argc, char **argv)
839	{	865	{
@@ -1220,6 +1246,37 @@ s_client_main(int argc, char **argv)
1220	" try anyway...\n");	1246	" try anyway...\n");
1221	BIO_printf(sbio, ". STARTTLS\r\n");	1247	BIO_printf(sbio, ". STARTTLS\r\n");
1222	BIO_read(sbio, sbuf, BUFSIZZ);	1248	BIO_read(sbio, sbuf, BUFSIZZ);
		1249	} else if (cfg.starttls_proto == PROTO_SIEVE) {
		1250	int foundit = 0;
		1251	BIO *fbio;
		1252
		1253	if ((fbio = BIO_new(BIO_f_buffer()))== NULL) {
		1254	BIO_printf(bio_err, "Failed to create BIO\n");
		1255	goto end;
		1256	}
		1257	BIO_push(fbio, sbio);
		1258	/* wait for multi-line CAPABILITY response */
		1259	while (1) {
		1260	mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
		1261	if (mbuf_len > 2 && mbuf[0] == '"') {
		1262	if (strcasecmp(mbuf, "\"STARTTLS\"\r\n") == 0)
		1263	foundit = 1;
		1264	} else if (s_client_sieve_response_ok(mbuf, mbuf_len))
		1265	break;
		1266	else
		1267	goto end;
		1268	}
		1269	if (!foundit)
		1270	BIO_printf(bio_err,
		1271	"didn't find STARTTLS in server response,"
		1272	" try anyway...\n");
		1273	BIO_printf(sbio, "STARTTLS\r\n");
		1274	mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
		1275	(void) BIO_flush(fbio);
		1276	BIO_pop(fbio);
		1277	BIO_free(fbio);
		1278	if (!s_client_sieve_response_ok(mbuf, mbuf_len))
		1279	goto end;
1223	} else if (cfg.starttls_proto == PROTO_FTP) {	1280	} else if (cfg.starttls_proto == PROTO_FTP) {
1224	BIO *fbio = BIO_new(BIO_f_buffer());	1281	BIO *fbio = BIO_new(BIO_f_buffer());
1225	BIO_push(fbio, sbio);	1282	BIO_push(fbio, sbio);