Hi, I am attempting to implement the STARTTLS extension (RFC 3207) for SMTP in Ruby, and I'm not getting very far because, if I'm perfectly honest, I don't know my way around OpenSSL, nor SSL itself.
My aim is to allow a SMTP to open a standard TCP socket, send "STARTTLS", the server and client initiate and secure an SSL connection, and then the SMTP session is considered secure.

The code was working during testing, but in production, where it is taking "heavy" load, I will see the message "SSLv3 bad record mac" appearing as an SSLError exception about 1 in every 10 requests.

I have cobbled together the various code from method lists, and consequently, I'm not sure if this is the recommended method for going about this (evidently not, as I'm occasionally reading binary from the socket, causing a JSON parse error when I attempt to queue the message), but I would very much appreciate any help you could give me with finding the bug in this code:

    def process_starttls
      send_line "220 Go ahead"
      @state.clear
      @ssl = true
      @ctx = OpenSSL::SSL::SSLContext.new
      @ctx.cert = OpenSSL::X509::Certificate.new File.read "/home/luke/Dropbox/Keys/ghstwrks.com.crt"
      @ctx.key = OpenSSL::PKey::RSA.new File.read("/home/luke/Dropbox/Keys/ghstwrks.com.key"), "not_an_actual_secret"
      @socket = OpenSSL::SSL::SSLSocket.new @socket, @ctx
      @socket.accept
    end

The errors will occur when reading from @socket later on in the program.

I would be eternally grateful if anybody could teach me how OpenSSL sockets work, or point me in the direction of a resource which can. I can pay you back with documentation if you would like?

Thanks,
Luke
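For reference, the RFC 3207 upgrade sequence with both sides in one process, as an added example that is not part of the original post and not a diagnosis of the error reported in it. It shows the ordering that matters: the "220" reply goes out in plaintext, the same socket is then wrapped, and every later read and write goes through the returned SSLSocket only. Assumptions: a throwaway self-signed certificate for the constructed name smtp.example.test, UNIXSocket.pair standing in for the TCP connection, and certificate verification switched off on the client for this demo only.

```ruby
require "openssl"
require "socket"

# Constructed throwaway key and self-signed certificate (sample values only).
def demo_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=smtp.example.test")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx
end

# Server side of the upgrade: answer in plaintext, then wrap the same socket.
def upgrade_to_tls(plain, ctx)
  plain.write("220 Go ahead\r\n")
  ssl = OpenSSL::SSL::SSLSocket.new(plain, ctx)
  ssl.sync_close = true # closing the TLS socket also closes the underlying one
  ssl.accept            # blocking server-side handshake
  ssl                   # from here on, only this object touches the connection
end

def starttls_roundtrip
  server_io, client_io = UNIXSocket.pair
  ctx = demo_context
  server = Thread.new do
    server_io.gets                      # "STARTTLS" arrives in plaintext
    ssl = upgrade_to_tls(server_io, ctx)
    line = ssl.gets                     # first command inside the TLS session
    ssl.write("250 ok\r\n")
    ssl.close
    line
  end
  client_io.write("STARTTLS\r\n")
  client_io.gets                        # wait for "220 Go ahead" before TLS
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # demo only: self-signed cert
  tls = OpenSSL::SSL::SSLSocket.new(client_io, cctx)
  tls.connect
  tls.write("EHLO client.example.test\r\n")
  reply = tls.gets
  tls.close
  [server.value, reply]
end
```

The client in this sketch waits for the 220 reply before sending its ClientHello, so no TLS bytes can end up in the plaintext reader's buffer ahead of the handshake.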