tags:

views:

541

answers:

4
+2  Q: 

SMTP on C: STARTTLS via OpenSSL

Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting:

SSL_METHOD* method = NULL;

SSL_library_init();
SSL_load_error_strings();

method = SSLv23_client_method();

ctx = SSL_CTX_new(method);
if (ctx == NULL)
{
    ERR_print_errors_fp(stderr);
}
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
ssl = SSL_new(ctx);
if (!SSL_set_fd(ssl, socket))
{
        ERR_print_errors_fp(stderr);
        return;
}
if (ssl)
{

    if (SSL_connect((SSL*)ssl) < 1)
    {
        ERR_print_errors_fp(stderr);
    }
    // then i think i need to send EHLO
}

But after calling SSL_connect I get an error:

24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:

If I use SSLv3_client_method I get an error: 

18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284.

And If TLSv1_client_method: 

21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:

Why? What I do wrong?

A: 

Try using SSLv3_client_method or TLSv1_client_method instead of SSLv23_client_method. I don't think Gmail supports SSLv23.

Remy Lebeau - TeamB  2010-04-02 01:20:35
If I use SSLv3_client_method I get an error:18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284.And If TLSv1_client_method:21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:Funny :)
Jackell  2010-04-02 06:34:56
A: 

Someone will securely connect to smtp protocol? Why server answer an error?

Jackell  2010-04-02 17:40:40
A: 

Are you reading both the \r (carriage return) and \n (newline) characters that delimit the end of the server's 220 response, before starting TLS?

caf  2010-04-06 13:20:34
+1  A: 

Hi, Jackell!

I ran in the same problem yesterday. Here is how I solved it:
- start by creating a normal TCP socket and connect it to smtp.gmail.com:587
- send a "ehlo [127.0.0.1]\r\n" command
- get the answers from the server (Notice: so far everything is in clear)
- send a "STARTTLS\r\n" command
- get the answer (i.e. "220 Ready for TLS")
- at this moment, create your ssl wrapper (method, ctx, etc...) and use "SSL_set_fd" and "SSL_connect" to activate it
- send a new "ehlo [127.0.0.1]\r\n" command but using the SSL socket

From now on, use "SSL_write" and "SSL_read" with the SSL socket to send your authentication information and email.

Please realize that this method only encrypts your data but doesn't authenticate yourself (or the server) with SSL certificates. But for me, it solved the problem of getting "unknown protocol".

Hope this helps...
Phil

Phil  2010-04-08 19:38:36
yeah, thanks a lot!
Jackell  2010-04-12 14:03:29

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS