From 9d653fe05875a7749100f123952b96016a687b23 Mon Sep 17 00:00:00 2001
From: martijn <>
Date: Sun, 1 Feb 2026 08:45:31 +0000
Subject: Implement s_client starttls protocol sieve. OK on previous diff concept sthen@ Suggestions, feedback and OK current diff tb@
---
 src/usr.bin/openssl/openssl.1 | 5 ++--
 src/usr.bin/openssl/s_client.c | 61 ++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 62 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index f3e0be15ed..b9eba1a1de 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.168 2025/12/20 07:02:37 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.169 2026/02/01 08:45:31 martijn Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 20 2025 $
+.Dd $Mdocdate: February 1 2026 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -4416,6 +4416,7 @@ is a keyword for the intended protocol.
 Currently, the supported keywords are
 .Qq ftp ,
 .Qq imap ,
+.Qq sieve ,
 .Qq smtp ,
 .Qq pop3 ,
 and
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 84718c19fd..2b05facc17 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.67 2025/01/02 16:07:41 tb Exp $ */
+/* $OpenBSD: s_client.c,v 1.68 2026/02/01 08:45:31 martijn Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -174,6 +174,7 @@ enum {
 PROTO_LMTP,
 PROTO_POP3,
 PROTO_IMAP,
+ PROTO_SIEVE,
 PROTO_FTP,
 PROTO_XMPP,
 };
@@ -335,6 +336,8 @@ s_client_opt_starttls(char *arg)
 cfg.starttls_proto = PROTO_POP3;
 else if (strcmp(arg, "imap") == 0)
 cfg.starttls_proto = PROTO_IMAP;
+ else if (strcmp(arg, "sieve") == 0)
+ cfg.starttls_proto = PROTO_SIEVE;
 else if (strcmp(arg, "ftp") == 0)
 cfg.starttls_proto = PROTO_FTP;
 else if (strcmp(arg, "xmpp") == 0)
@@ -729,7 +732,8 @@ static const struct option s_client_options[] = {
 .name = "starttls",
 .argname = "protocol",
 .desc = "Use the STARTTLS command before starting TLS,\n"
- "smtp, lmtp, pop3, imap, ftp and xmpp are supported.",
+ "smtp, lmtp, pop3, imap, sieve, ftp and xmpp "
+ "are supported.",
 .type = OPTION_ARG_FUNC,
 .opt.argfunc = s_client_opt_starttls,
 },
@@ -834,6 +838,28 @@ sc_usage(void)
 fprintf(stderr, "\n");
 }

+static int
+s_client_sieve_response_ok(const char *resp, int resplen)
+{
+ /* All lines need to be CRLF terminated */
+ if (resplen <= 2) {
+ BIO_printf(bio_err, "Failed to get full server line\n");
+ return 0;
+ }
+ if (resplen >= 4 && strncasecmp(resp, "OK", 2) == 0 &&
+ (resp[2] == ' ' || resp[2] == '\r'))
+ return 1;
+ if (resplen >= 4 && strncasecmp(resp, "NO", 2) == 0 &&
+ (resp[2] == ' ' || resp[2] == '\r'))
+ BIO_printf(bio_err, "Server rejected our connection\n");
+ else if (resplen >= 5 && strncasecmp(resp, "BYE", 3) == 0 &&
+ (resp[3] == ' ' || resp[3] == '\r'))
+ BIO_printf(bio_err, "Server disconnected our connection\n");
+ else
+ BIO_printf(bio_err, "Server sent invalid response\n");
+ return 0;
+}
+
 int
 s_client_main(int argc, char **argv)
 {
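Review bot: The opening comment in s_client_sieve_response_ok says every line must be CRLF terminated, but the guard only tests `resplen <= 2`, so a line cut short by the caller's read buffer or ended by a bare LF is still parsed as a status line. If the terminator is meant to be enforced, the guard could read `if (resplen <= 2 || resp[resplen - 2] != '\r' || resp[resplen - 1] != '\n')`; otherwise the comment should say that only a minimum length is checked. The function would also benefit from a header comment stating its contract, for example `/* Returns 1 for an OK status line; otherwise prints a diagnostic to bio_err and returns 0. */`.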
@@ -1220,6 +1246,37 @@ s_client_main(int argc, char **argv)
 " try anyway...\n");
 BIO_printf(sbio, ". STARTTLS\r\n");
 BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (cfg.starttls_proto == PROTO_SIEVE) {
+ int foundit = 0;
+ BIO *fbio;
+
+ if ((fbio = BIO_new(BIO_f_buffer()))== NULL) {
+ BIO_printf(bio_err, "Failed to create BIO\n");
+ goto end;
+ }
+ BIO_push(fbio, sbio);
+ /* wait for multi-line CAPABILITY response */
+ while (1) {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (mbuf_len > 2 && mbuf[0] == '"') {
+ if (strcasecmp(mbuf, "\"STARTTLS\"\r\n") == 0)
+ foundit = 1;
+ } else if (s_client_sieve_response_ok(mbuf, mbuf_len))
+ break;
+ else
+ goto end;
+ }
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't find STARTTLS in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ (void) BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!s_client_sieve_response_ok(mbuf, mbuf_len))
+ goto end;
 } else if (cfg.starttls_proto == PROTO_FTP) {
 BIO *fbio = BIO_new(BIO_f_buffer());
 BIO_push(fbio, sbio);
--
cgit v1.2.3-55-g6feb
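Review bot: The `goto end` inside the CAPABILITY loop leaves fbio pushed on top of sbio and never freed, whereas the success path runs `BIO_pop(fbio); BIO_free(fbio);` before continuing. Unless the `end:` label, which is outside this hunk, tears the chain down, the error branch should do the same: brace the final `else` and call `BIO_pop(fbio); BIO_free(fbio);` before `goto end;`. Separately, any bytes fbio has already buffered past the STARTTLS `OK` line are dropped when it is freed, so plaintext sent ahead of the handshake never reaches the TLS layer. That appears to be the intent and deserves a comment such as `/* discard anything buffered in plaintext before the handshake */`, and a `BIO_pending(fbio)` check before the pop could report such data on bio_err. s_client_main starts and ends outside the hunk.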