authorRobert Scheck <robert@fedoraproject.org>2017-02-19 22:50:30 +0100
committerRobert Scheck <robert@fedoraproject.org>2017-02-19 22:50:30 +0100
commitf4224c483b1f6a0c648fa842d25ecb47995d82fb (patch)
treefb4820e777061e0e419b4fed3e00de6420dc993d /src
parented2c0f8e70690f136ce2b8342f9f1ed227f1e01c (diff)
downloadgnutls-f4224c483b1f6a0c648fa842d25ecb47995d82fb.tar.gz
Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli
Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto"). Signed-off-by: Robert Scheck <robert@fedoraproject.org>
Diffstat (limited to 'src')
-rw-r--r--src/cli-args.def2
-rw-r--r--src/cli-debug-args.def2
-rw-r--r--src/danetool-args.def2
-rw-r--r--src/socket.c38
4 files changed, 41 insertions, 3 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index 451f80f293..202afcd9a0 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -94,7 +94,7 @@ flag = {
flag = {
name = starttls-proto;
- descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp)";
+ descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)";
arg-type = string;
doc = "Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation.";
flags-cant = starttls;
diff --git a/src/cli-debug-args.def b/src/cli-debug-args.def
index 56e289ce9a..4524b0189c 100644
--- a/src/cli-debug-args.def
+++ b/src/cli-debug-args.def
@@ -34,7 +34,7 @@ flag = {
flag = {
name = starttls-proto;
arg-type = string;
- descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp)";
+ descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)";
doc = "Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation.";
};
diff --git a/src/danetool-args.def b/src/danetool-args.def
index 80cd5a0e05..61d11a3fff 100644
--- a/src/danetool-args.def
+++ b/src/danetool-args.def
@@ -97,7 +97,7 @@ flag = {
flag = {
name = starttls-proto;
- descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp)";
+ descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)";
arg-type = string;
doc = "When the server's certificate isn't provided danetool will connect to the server to obtain the certificate. In that case it is required to know the protocol to talk with the server prior to initiating the TLS handshake.";
};
diff --git a/src/socket.c b/src/socket.c
index a8fd3652b9..9c5ca8b685 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -272,6 +272,44 @@ socket_starttls(socket_st * socket)
wait_for_text(socket, "211 ", 4);
send_line(socket, "AUTH TLS\r\n");
wait_for_text(socket, "234", 3);
+ } else if (strcasecmp(socket->app_proto, "lmtp") == 0) {
+ if (socket->verbose)
+ printf("Negotiating LMTP STARTTLS\n");
+
+ wait_for_text(socket, "220 ", 4);
+ snprintf(buf, sizeof(buf), "LHLO %s\r\n", socket->hostname);
+ send_line(socket, buf);
+ wait_for_text(socket, "250 ", 4);
+ send_line(socket, "STARTTLS\r\n");
+ wait_for_text(socket, "220 ", 4);
+ } else if (strcasecmp(socket->app_proto, "pop3") == 0) {
+ if (socket->verbose)
+ printf("Negotiating POP3 STARTTLS\n");
+
+ wait_for_text(socket, "+OK", 3);
+ send_line(socket, "STLS\r\n");
+ wait_for_text(socket, "+OK", 3);
+ } else if (strcasecmp(socket->app_proto, "nntp") == 0) {
+ if (socket->verbose)
+ printf("Negotiating NNTP STARTTLS\n");
+
+ wait_for_text(socket, "200 ", 4);
+ send_line(socket, "STARTTLS\r\n");
+ wait_for_text(socket, "382 ", 4);
+ } else if (strcasecmp(socket->app_proto, "sieve") == 0) {
+ if (socket->verbose)
+ printf("Negotiating Sieve STARTTLS\n");
+
+ wait_for_text(socket, "OK ", 3);
+ send_line(socket, "STARTTLS\r\n");
+ wait_for_text(socket, "OK ", 3);
+ } else if (strcasecmp(socket->app_proto, "postgres") == 0 || strcasecmp(socket->app_proto, "postgresql") == 0) {
+ if (socket->verbose)
+ printf("Negotiating PostgreSQL STARTTLS\n");
+
+#define POSTGRES_STR "\x00\x00\x00\x08\x04\xD2\x16\x2F"
+ send(socket->fd, POSTGRES_STR, sizeof(POSTGRES_STR)-1, 0);
+ wait_for_text(socket, NULL, 0);
} else {
if (!c_isdigit(socket->app_proto[0])) {
static int warned = 0;
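Review bot: In the PostgreSQL branch the server's answer to the SSLRequest is never checked: `wait_for_text(socket, NULL, 0)` is given no pattern, so as far as this hunk shows a reply of `N` (TLS refused) or an error packet is treated the same as `S`, and the TLS handshake then starts on a connection that never agreed to it. The request is also written with a bare `send()` whose return value is dropped, bypassing `send_line`, which every other branch in the hunk uses. I would read exactly one byte and require it to be `S`, for example `if (recv(socket->fd, &r, 1, 0) != 1 || r != 'S')` followed by the file's usual failure path, and confirm that `send()` wrote all 8 bytes. Separately, the NNTP branch waits only for `"200 "`, so a server that greets with 201 (posting prohibited) would presumably never match. `wait_for_text` and the rest of `socket_starttls` lie outside the hunk, so how a NULL pattern and a non-matching reply are handled should be confirmed there.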