Hi all! I am using OpenSSL to build secure SMTP connections to gmail.com:25. I can successfully connect to the server and send the STARTTLS command (I receive 220 2.0.0 Ready to start TLS). Then I execute the following code without disconnecting:

#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

SSL_CTX* ctx = NULL;
SSL* ssl = NULL;

/* sock: the already-connected TCP socket on which STARTTLS was sent
 * and the "220 2.0.0 Ready to start TLS" reply was received */
void start_tls(int sock)
{
    const SSL_METHOD* method = NULL;

    SSL_library_init();
    SSL_load_error_strings();

    method = SSLv23_client_method();

    ctx = SSL_CTX_new(method);
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stderr);
        return;
    }
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

    ssl = SSL_new(ctx);
    if (ssl == NULL)
    {
        ERR_print_errors_fp(stderr);
        return;
    }
    /* attach the existing connection instead of opening a new one */
    if (!SSL_set_fd(ssl, sock))
    {
        ERR_print_errors_fp(stderr);
        return;
    }
    /* run the TLS handshake on top of the existing connection */
    if (SSL_connect(ssl) < 1)
    {
        ERR_print_errors_fp(stderr);
        return;
    }
    // then I think I need to send EHLO
}

But after calling SSL_connect I get an error:

24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:

If I use SSLv3_client_method I get an error:

18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284.

And If TLSv1_client_method:

21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:

Why? What am I doing wrong?

A: 

Try using SSLv3_client_method or TLSv1_client_method instead of SSLv23_client_method. I don't think Gmail supports SSLv23.

Remy Lebeau - TeamB
If I use SSLv3_client_method I get an error: 18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284. And if TLSv1_client_method: 21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: Funny :)
Jackell
A: 

Has anyone connected securely over SMTP? Why does the server answer with an error?

Jackell
A: 

Are you reading both the \r (carriage return) and \n (newline) characters that delimit the end of the server's 220 response, before starting TLS?

caf
+1  A: 

Hi, Jackell!

I ran into the same problem yesterday. Here is how I solved it:
- start by creating a normal TCP socket and connect it to smtp.gmail.com:587
- send a "ehlo [127.0.0.1]\r\n" command
- get the answers from the server (Notice: so far everything is in clear)
- send a "STARTTLS\r\n" command
- get the answer (i.e. "220 Ready for TLS")
- at this moment, create your ssl wrapper (method, ctx, etc...) and use "SSL_set_fd" and "SSL_connect" to activate it
- send a new "ehlo [127.0.0.1]\r\n" command but using the SSL socket

From now on, use "SSL_write" and "SSL_read" with the SSL socket to send your authentication information and email.

Please realize that this method only encrypts your data but doesn't authenticate you (or the server) with SSL certificates. But for me, it solved the problem of getting "unknown protocol".

Hope this helps...
Phil

Phil
yeah, thanks a lot!
Jackell
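Putting caf's and Phil's answers together in code: the following is an added example, not code from the original thread or from any of its posters. It does the cleartext part of Phil's sequence (connect, greeting, EHLO, STARTTLS) and consumes every SMTP reply completely, CRLF included, before handing the socket over, which is the point caf raises. The OpenSSL steps themselves are the ones already in the question (SSL_set_fd, SSL_connect, then EHLO again over SSL_write); they are not repeated here. Assumptions: port 587 and the literal "EHLO [127.0.0.1]" are taken from Phil's answer; the function names smtp_read_reply, smtp_send, smtp_starttls_prepare, reply_code_of and leftover_after_reply are mine; the replies used by the offline helpers at the bottom are constructed sample input, not captured Gmail traffic.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read one complete SMTP reply (every line of a multi-line reply, each ending
 * in CRLF) from fd into out. Returns the 3-digit code, or -1 on I/O error,
 * overflow or a malformed line. It reads a byte at a time so nothing beyond the
 * final CRLF is taken off the socket: a byte left over after the 220 to STARTTLS
 * would reach SSL_connect as the first byte of the ServerHello and produce
 * "unknown protocol" / "wrong version number". */
int smtp_read_reply(int fd, char *out, size_t outlen)
{
    size_t used = 0;
    for (;;) {
        size_t start = used;
        char c;
        do {                                        /* one line, up to CRLF */
            if (used + 1 >= outlen || read(fd, &c, 1) != 1)
                return -1;
            out[used++] = c;
        } while (!(used - start >= 2 && out[used - 2] == '\r' && c == '\n'));
        out[used] = '\0';
        const char *line = out + start;
        if (used - start < 5 || !isdigit((unsigned char)line[0]) ||
            !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
            return -1;
        if (line[3] == ' ' || line[3] == '\r')      /* "250 text" or bare "250": last line */
            return atoi(line);
        if (line[3] != '-')                         /* "250-text": more lines follow */
            return -1;
    }
}

/* Write a whole command line (caller supplies the CRLF). 0 on success. */
int smtp_send(int fd, const char *cmd)
{
    size_t len = strlen(cmd), off = 0;
    while (off < len) {
        ssize_t n = write(fd, cmd + off, len - off);
        if (n <= 0) return -1;
        off += (size_t)n;
    }
    return 0;
}

/* Phil's sequence: TCP connect, greeting, EHLO, STARTTLS. Returns the socket
 * only once the server's 220 to STARTTLS has been consumed in full, ready for
 * SSL_set_fd/SSL_connect; -1 on any failure or if STARTTLS is not offered. */
int smtp_starttls_prepare(const char *host, const char *port)
{
    struct addrinfo hints, *res = NULL, *ai;
    char reply[2048];
    int fd = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0) return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) break;
        if (fd >= 0) close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    if (fd < 0) return -1;
    if (smtp_read_reply(fd, reply, sizeof reply) != 220 ||          /* greeting */
        smtp_send(fd, "EHLO [127.0.0.1]\r\n") != 0 ||
        smtp_read_reply(fd, reply, sizeof reply) != 250 ||          /* capabilities */
        strstr(reply, "STARTTLS") == NULL ||
        smtp_send(fd, "STARTTLS\r\n") != 0 ||
        smtp_read_reply(fd, reply, sizeof reply) != 220) {          /* "220 2.0.0 Ready to start TLS" */
        close(fd);
        return -1;
    }
    return fd;      /* clean: the next bytes from the server are TLS records */
}

/* Offline check: push a constructed reply through a pipe and parse it.
 * *leftover gets the first byte still unread afterwards, or -1 if none. */
static int reply_through_pipe(const char *reply, int *leftover)
{
    char buf[1024];
    int fds[2], code; unsigned char c;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], reply, strlen(reply)) < 0) { close(fds[0]); close(fds[1]); return -1; }
    close(fds[1]);
    code = smtp_read_reply(fds[0], buf, sizeof buf);
    *leftover = (read(fds[0], &c, 1) == 1) ? c : -1;
    close(fds[0]);
    return code;
}
int reply_code_of(const char *reply)        { int l; return reply_through_pipe(reply, &l); }
int leftover_after_reply(const char *reply) { int l; reply_through_pipe(reply, &l); return l; }

int main(int argc, char **argv)
{
    int fd = smtp_starttls_prepare(argc > 1 ? argv[1] : "smtp.gmail.com", argc > 2 ? argv[2] : "587");
    if (fd < 0) { fprintf(stderr, "STARTTLS negotiation failed\n"); return 1; }
    printf("fd %d is ready to hand to SSL_set_fd/SSL_connect\n", fd);
    close(fd);
    return 0;
}
```

Build with cc -o starttls starttls.c and run it with an optional host and port; the returned fd is what the question's start_tls code should be given. Two design points: the reader never reads ahead of the final CRLF (a buffered reader that pulls 512 bytes at once would swallow the start of the TLS handshake), and it treats "250-" lines as continuation so the capability list from EHLO is consumed whole before STARTTLS is sent. As Phil notes, the handshake alone does not authenticate the server; after SSL_connect a client should still check SSL_get_verify_result and the certificate's name against the host it meant to reach.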