Re: OpenSSL,SMTP,STARTTLS how does it work?

Fri, 04 May 2007 13:42:52 -0700 

Hello,
> 
> I'm trying to create a little smtp client that could deal with ssl
> encryption within a c++ application. 
> To do that i'm using openssl and following the smtp protocol. 
> 
> As i understood, i have to initialise the library first and several
> other things. I'm doing that: 
> 
> SSL_load_error_strings(); 
> SSL_library_init(); 
You may try here to initialize PRNG, for example with command:
        RAND_load_file("/dev/urandom", 1024);
(end check return code)

> ctx=SSL_CTX_new(SSLv23_method()); 
> SSL_CTX_set_options(ctx, SSL_OP_ALL); 
You may try:
        ctx=SSL_CTX_new(SSLv23_client_method());
(end check return code)

> Then i'm openning a non-secured connection to the server with the BIO
> objects. 
> 
> bio=BIO_new_connect((char*)server_address.c_str()); 
> if ( BIO_do_connect(bio) <= 0 ) 
> { 
>     valid=false; 
>     return false; 
> } 
> 
> At that point, i can use the bio object to communicate with the
> server. I can send an email on a non protected server (so my smtp
> protocol is ok). 
> At the right time i'm sending STARTTLS to the server and it's replying
> 220 Ready for TLS. 
Looks good, you may test this with openssl command using:
  $ openssl s_client -connect host:25 -starttls smtp
to check that server behaves correctly.

> Then, i'm doing that: 
> 
> SSL * connection=SSL_new(ctx); 
> SSL_set_bio(connection,bio,bio); 
> SSL_set_connect_state(connection); 
> if( SSL_do_handshake(connection) <=0 ) 
> { 
>         return false; 
> } 
All I can say is that using connect(), SSL_set_fd() and SSL_connect()
works in this situation.

> Don't know if it's important because the compiler never stopped on
> it. 
> After that i'm sending a EHLO [xxx.xxx.xxx.xxx] command as specified
> in the rfc for smtp with STARTTLS. 
> Then... nothing!!!! 
> The socket is still opened i can write and read on it but the server
> never replied anything. 
Are you using SSL_read()/SSL_write() for that ?


Best regards,
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to