I'd like to be able to use openssl s_client to diagnose SSL/TLS connections to XMPP/Jabber servers.
There are two types of xmpp server ports: (a) those that are used for connections from clients, usually port 5222 (c2s); (b) those that are used for connections from server to server, usually port 5269 (s2s). As of today, the -starttls xmpp option supports only (a). In order to support (b), the pre-starttls handshake must be slightly different. Attached is a patch that implements -starttls xmpp-server.
diff --git a/apps/s_client.c b/apps/s_client.c index 3ec754f..4fd47c6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -389,10 +389,11 @@ static void sc_usage(void) BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err, - " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"xmpp-server\"\n"); BIO_printf(bio_err, " are supported.\n"); BIO_printf(bio_err, - " -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n"); + " -xmpphost host - When used with \"-starttls xmpp\" or \"-starttls xmpp-server\"\n"); + BIO_printf(bio_err, " specifies the virtual host.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); @@ -635,7 +636,8 @@ enum { PROTO_POP3, PROTO_IMAP, PROTO_FTP, - PROTO_XMPP + PROTO_XMPP, + PROTO_XMPP_SERVER }; int MAIN(int, char **); @@ -1062,6 +1064,8 @@ int MAIN(int argc, char **argv) starttls_proto = PROTO_FTP; else if (strcmp(*argv, "xmpp") == 0) starttls_proto = PROTO_XMPP; + else if (strcmp(*argv, "xmpp-server") == 0) + starttls_proto = PROTO_XMPP_SERVER; else goto bad; } @@ -1613,12 +1617,13 @@ int MAIN(int argc, char **argv) BIO_printf(sbio, "AUTH TLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); } - if (starttls_proto == PROTO_XMPP) { + if (starttls_proto == PROTO_XMPP || starttls_proto == PROTO_XMPP_SERVER) { int seen = 0; BIO_printf(sbio, "<stream:stream " "xmlns:stream='http://etherx.jabber.org/streams' " - "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ? - xmpphost : host); + "xmlns='jabber:%s' to='%s' version='1.0'>", + (starttls_proto==PROTO_XMPP) ? "client" : "server", + xmpphost ? xmpphost : host); seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0; while (!strstr diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 92f6e4a..6fd505f 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod 
@@ -281,12 +281,12 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B<protocol> is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". +supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp" and "xmpp-server". =item B<-xmpphost hostname> -This option, when used with "-starttls xmpp", specifies the host for the -"to" attribute of the stream element. +This option, when used with "-starttls xmpp" or "-starttls xmpp-server", +specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used.
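Review bot: in the `BIO_printf(sbio, "<stream:stream "` hunk, the s2s stream header is sent with only a `to` attribute; RFC 6120 section 4.7.1 says the initiating server SHOULD also include `from` on server-to-server streams, and a peer that enforces that will reject the header before STARTTLS is ever reached, so an option to set `from='...'` when `starttls_proto == PROTO_XMPP_SERVER` would make the new mode usable against such servers. Also, the now-shared context lines `seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0;` do not check for a negative return, so a read error writes to `mbuf[-1]`; pre-existing, but this change adds a second path that reaches it, and a `if (seen < 0) goto shut;` style guard would be cheap.

Review bot: the s_client.pod hunk lists the new "xmpp-server" keyword but never says how it differs from "xmpp" (the `xmlns='jabber:server'` default namespace for a server-to-server stream, typically port 5269), which is the one thing a user choosing between the two needs to know; a short sentence under B<-starttls> would cover it, and a CHANGES entry for the new keyword is also missing.

Review bot: in the `sc_usage` hunk, the `-xmpphost` help text is split across two `BIO_printf` calls with the continuation indented under the option, which matches the surrounding usage lines, but the first line now ends with a bare `or "-starttls xmpp-server"\n` and reads as a complete sentence without a verb; wrapping after "specifies" (or keeping "specifies the virtual host" on the first line) would read more naturally in the `-help` output.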
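The plaintext exchange that the post describes, both the c2s (`jabber:client`) and the s2s (`jabber:server`) stream header and the rest of the handshake up to `<proceed/>`, as an added example that is not part of the patch or of OpenSSL. Both sides are included so it runs offline over a socketpair: the fake server, the `example.org`/`example.net` names and the stream id are constructed; the messages themselves follow RFC 6120. Unlike the patch, the s2s header here also carries a `from` attribute, which RFC 6120 recommends for server-to-server streams.

```python
import socket
import threading

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"


def stream_header(mode, to, from_=None):
    """Initial stream header. mode 'client' is c2s (port 5222), 'server' is s2s
    (port 5269); the only difference on the wire is the default namespace."""
    if mode not in ("client", "server"):
        raise ValueError("mode must be 'client' or 'server'")
    attrs = [f"xmlns:stream='{STREAM_NS}'", f"xmlns='jabber:{mode}'", f"to='{to}'"]
    if from_ is not None:  # RFC 6120 4.7.1: SHOULD be present on s2s streams
        attrs.append(f"from='{from_}'")
    attrs.append("version='1.0'")
    return "<stream:stream " + " ".join(attrs) + ">"


def read_until(sock, marker, limit=65536):
    """Read until marker appears; bound the plaintext so a peer cannot make us
    buffer unbounded data before TLS is up."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError(f"peer closed before {marker!r}")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("too much plaintext before TLS")
    return buf


def negotiate_starttls(sock, mode, to, from_=None):
    """Client side of the pre-TLS exchange. On return the socket is ready for
    ssl.SSLContext.wrap_socket(sock, server_hostname=to)."""
    sock.sendall(stream_header(mode, to, from_).encode())
    features = read_until(sock, b"</stream:features>")
    if b"<starttls" not in features:
        raise RuntimeError("peer does not offer STARTTLS")
    sock.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
    reply = read_until(sock, b"/>")
    if b"<proceed" not in reply:
        raise RuntimeError(f"STARTTLS refused: {reply!r}")
    return features.decode()


def fake_xmpp_server(sock, expect_ns):
    """Constructed peer: accepts one stream header in the expected namespace,
    offers STARTTLS and answers <proceed/>. Returns the header it received."""
    header = read_until(sock, b">")
    if f"xmlns='{expect_ns}'".encode() not in header:
        sock.sendall(b"<stream:error><invalid-namespace "
                     b"xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>"
                     b"</stream:error></stream:stream>")
        return header
    sock.sendall(
        f"<?xml version='1.0'?><stream:stream xmlns:stream='{STREAM_NS}' "
        f"xmlns='{expect_ns}' from='example.org' id='constructed-1' version='1.0'>"
        f"<stream:features><starttls xmlns='{TLS_NS}'><required/></starttls>"
        f"</stream:features>".encode())
    request = read_until(sock, b"/>")
    if b"<starttls" in request:
        sock.sendall(f"<proceed xmlns='{TLS_NS}'/>".encode())
    return header


def run_exchange(mode, from_=None, expect_ns=None):
    """Run client and fake server over a socketpair; returns (header the
    server saw, features the client saw). expect_ns lets a test simulate a
    server listening for the other stream type."""
    client_end, server_end = socket.socketpair()
    seen = {}

    def serve():
        try:
            seen["header"] = fake_xmpp_server(server_end, expect_ns or f"jabber:{mode}")
        finally:
            server_end.close()

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        features = negotiate_starttls(client_end, mode, "example.org", from_)
    finally:
        client_end.close()
        worker.join()
    return seen["header"].decode(), features


if __name__ == "__main__":
    for m, f in (("client", None), ("server", "example.net")):
        hdr, feats = run_exchange(m, f)
        print(m, "->", hdr)
```

Pointing `negotiate_starttls` at a real server on 5222 with mode `client` (or 5269 with mode `server` and a `from_`) and then wrapping the socket with `ssl` reproduces what `openssl s_client -starttls xmpp` / the proposed `xmpp-server` mode does before the TLS handshake; the `expect_ns` mismatch path shows why a c2s header gets no STARTTLS offer from an s2s listener.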
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev