Add STARTTLS support for IMAP and FTP.

Submitted by Kees Cook <kees@outflux.net>

apps/s_client.c

@@ -316,7 +316,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
+	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
@@ -348,6 +348,15 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 	}
 #endif
 
+enum
+{
+	PROTO_OFF	= 0,
+	PROTO_SMTP,
+	PROTO_POP3,
+	PROTO_IMAP,
+	PROTO_FTP,
+};
+
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
@@ -374,12 +383,13 @@ int MAIN(int argc, char **argv)
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = 0;
+	int starttls_proto = PROTO_OFF;
 	int prexit = 0, vflags = 0;
 	const SSL_METHOD *meth=NULL;
 	int socket_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
+	int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
@@ -610,9 +620,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = 1;
+				starttls_proto = PROTO_SMTP;
 			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = 2;
+				starttls_proto = PROTO_POP3;
+			else if (strcmp(*argv,"imap") == 0)
+				starttls_proto = PROTO_IMAP;
+			else if (strcmp(*argv,"ftp") == 0)
+				starttls_proto = PROTO_FTP;
 			else
 				goto bad;
 			}
@@ -898,18 +912,40 @@ re_start:
 	sbuf_off=0;
 
 	/* This is an ugly hack that does a lot of assumptions */
-	if (starttls_proto == 1)
+	if (starttls_proto == PROTO_SMTP)
 		{
-		BIO_read(sbio,mbuf,BUFSIZZ);
+		/* wait for multi-line response to end from SMTP */
+		do
+			{
+			mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+			}
+		while (mbuf_len>3 && mbuf[3]=='-');
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
-	if (starttls_proto == 2)
+	else if (starttls_proto == PROTO_POP3)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
+	else if (starttls_proto == PROTO_IMAP)
+		{
+		BIO_read(sbio,mbuf,BUFSIZZ);
+		BIO_printf(sbio,"0 STARTTLS\r\n");
+		BIO_read(sbio,sbuf,BUFSIZZ);
+		}
+	else if (starttls_proto == PROTO_FTP)
+		{
+		/* wait for multi-line response to end from FTP */
+		do
+			{
+			mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+			}
+		while (mbuf_len>3 && mbuf[3]=='-');
+		BIO_printf(sbio,"AUTH TLS\r\n");
+		BIO_read(sbio,sbuf,BUFSIZZ);
+		}
 
 	for (;;)
 		{
@@ -940,7 +976,7 @@ re_start:
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					starttls_proto = 0;
+					starttls_proto = PROTO_OFF;
 					}
 
 				if (reconnect)

doc/apps/s_client.pod

@@ -194,7 +194,7 @@ command for more information.
 
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keywords are "smtp", "pop3", "imap", and "ftp".
 
 =item B<-engine id>