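Here is the relevant source from protocol.c<br><br><pre>
/*
 * smtp_client: client-side STARTTLS negotiation, run on the plaintext
 * connection to the remote SMTP server before the TLS handshake.
 * Steps: relay the (possibly multiline) 220 greeting to the local side,
 * send EHLO, skip the EHLO reply, send STARTTLS and require a 220 answer.
 * Every unexpected reply is fatal (longjmp to c->err); there is no
 * fallback to continuing in plaintext, which is the behaviour a tunnel
 * that exists to enforce encryption should have.
 * fdgetline's error behaviour is not visible here; the code assumes it
 * never returns NULL (presumably it longjmps on failure) -- confirm.
 */
static void smtp_client(CLI *c) {
    char *line;

    do { /* copy multiline greeting: every "220-" continuation line is passed through, then the final line */
        line=fdgetline(c, c->remote_fd.fd);
        fdputline(c, c->local_wfd.fd, line);
    } while(isprefix(line, "220-"));

    /* The EHLO argument is a fixed string, not the local host name. */
    fdputline(c, c->remote_fd.fd, "EHLO localhost");
    do { /* skip multiline reply; the last line of a reply has a space after the code */
        line=fdgetline(c, c->remote_fd.fd);
    } while(isprefix(line, "250-"));
    if(!isprefix(line, "250 ")) { /* error */
        s_log(LOG_ERR, "Remote server is not RFC 1425 compliant");
        longjmp(c->err, 1);
    }
    /* NOTE(review): the EHLO reply is not inspected for an advertised
     * STARTTLS capability; STARTTLS is sent unconditionally and the
     * "220 " check below is what decides whether TLS proceeds. */

    fdputline(c, c->remote_fd.fd, "STARTTLS");
    do { /* skip multiline reply */
        line=fdgetline(c, c->remote_fd.fd);
    } while(isprefix(line, "220-"));
    if(!isprefix(line, "220 ")) { /* server refused STARTTLS: abort, never continue in plaintext */
        s_log(LOG_ERR, "Remote server is not RFC 2487 compliant");
        longjmp(c->err, 1);
    }
}

/*
 * smtp_server: server-side STARTTLS negotiation, run on the plaintext
 * connection accepted from an SMTP client before the TLS handshake.
 * It first decides whether the client speaks STARTTLS at all: a client
 * that sends data within 200 ms, before any greeting, is taken to be
 * speaking TLS directly and the function returns (the caller then
 * presumably starts the handshake right away).  Otherwise the remote
 * 220 greeting is relayed, the client's EHLO is answered with
 * "250 STARTTLS", and after the client's STARTTLS command "220 Go ahead"
 * is sent.  All protocol violations are fatal via longjmp(c->err, 1).
 */
static void smtp_server(CLI *c) {
    char *line;

    s_poll_init(&c->fds);
    /* register the local read fd; the trailing 1, 0 presumably select read-only interest -- confirm */
    s_poll_add(&c->fds, c->local_rfd.fd, 1, 0);
    switch(s_poll_wait(&c->fds, 0, 200)) { /* wait up to 200ms */
    case 0: /* fd not ready to read: client is waiting for a greeting, i.e. a STARTTLS client */
        s_log(LOG_DEBUG, "RFC 2487 detected");
        break;
    case 1: /* fd ready to read: client spoke first, treated as direct TLS */
        s_log(LOG_DEBUG, "RFC 2487 not detected");
        return; /* return if RFC 2487 is not used */
    default: /* -1 */
        sockerror("RFC2487 (s_poll_wait)");
        longjmp(c->err, 1);
    }
    /* NOTE(review): the 200 ms wait is a timing heuristic, not a protocol
     * signal; a client that does not behave as assumed (slow path, early
     * send) is misclassified, and the consequence depends on the caller's
     * TLS setup, which is not shown here. */

    /* Relay the remote greeting.  The greeting may span several "220-"
     * lines, as the client-side handler above already assumes.  Pass
     * continuation lines through unchanged and tag only the final "220 "
     * line: tagging a "220-" line as if it were the last one would leave
     * the client waiting for the rest of the greeting, and the unread
     * continuation lines would surface after the TLS handshake. */
    do {
        line=fdgetline(c, c->remote_fd.fd);
        if(!isprefix(line, "220")) {
            s_log(LOG_ERR, "Unknown server welcome");
            longjmp(c->err, 1);
        }
        if(isprefix(line, "220-"))
            fdputline(c, c->local_wfd.fd, line);
    } while(isprefix(line, "220-"));
    fdprintf(c, c->local_wfd.fd, "%s + stunnel", line);

    line=fdgetline(c, c->local_rfd.fd);
    if(!isprefix(line, "EHLO ")) { /* only EHLO is accepted; a HELO client is rejected here */
        s_log(LOG_ERR, "Unknown client EHLO");
        longjmp(c->err, 1);
    }
    /* The client's own EHLO line is echoed back inside the 250 reply. */
    fdprintf(c, c->local_wfd.fd, "250-%s Welcome", line);
    fdputline(c, c->local_wfd.fd, "250 STARTTLS");
    line=fdgetline(c, c->local_rfd.fd);
    if(!isprefix(line, "STARTTLS")) {
        s_log(LOG_ERR, "STARTTLS expected");
        longjmp(c->err, 1);
    }
    /* NOTE(review): any plaintext the client sent after STARTTLS (pipelined
     * in the same read) must not be carried over into the TLS session;
     * whether that holds depends on fdgetline's buffering, which is not
     * visible here -- verify it reads no further than the line end. */
    fdputline(c, c->local_wfd.fd, "220 Go ahead");
}
<div class="" id="LC247"><br><br>After the initial handshake, it looks for the STARTTLS line. From there, that's where the magic happens. Try setting protocol equal to smtp.<br>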
</div></pre><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 5, 2012 at 6:00 PM, <span dir="ltr">&lt;<a href="mailto:jw72253@verizon.net" target="_blank">jw72253@verizon.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-size:12px;font-family:Arial"><div>&nbsp;</div><div>&nbsp;</div><div> Hi, Brian.</div><div>&nbsp;</div><div>You know, I probably did not ask this question clearly enough. I understood that the purpose of "starttls" is to negotiate a (higher-level) encrypted connection on the same port. No problem with this much. What I am really trying to get at is this: how does stunnel go about requesting the negotiation from the server? I want to make a connection to a remote SMTP server using stunnel on port 587. So, if I use this setting</div>
<div>&nbsp;</div><div>[my SMTP connection]</div><div>Accept = <a href="http://127.0.0.1" target="_blank">127.0.0.1</a>:&lt;some port&gt;</div><div>Connect = &lt;SMTP server IP&gt;:587</div><div>&nbsp;</div><div>I am assuming that with this my connection would start out SSL, but where is the part that makes it begin to negotiate from SSL to the TLS? Based on my impression of what I read, I was also expecting to see something along these lines </div>
<div>&nbsp;</div><div>protocol = starttls</div><div>&nbsp;</div><div>This assumption may very well be a misconception, but how so? Thanks.</div><div>&nbsp;</div><div>Or is my understanding of this process faulty, incomplete, or all of the above? :(</div>
<div>&nbsp;</div><span><div style="font-size:12px;font-family:Arial"><div></div><div></div><div>&nbsp;</div><div>John</div><div>&nbsp;</div><div>&nbsp;</div><div>Knowledge counts.</div></div></span><div><div class="h5"><div>&nbsp;</div><div style="MARGIN:5px 0px;BORDER-TOP:#bcbcbc 1px solid">
</div><span style="font-size:12px;font-family:arial">On 12/05/12, <span>Brian Wilkins &lt;<a href="mailto:bwilkins@gmail.com" target="_blank">bwilkins@gmail.com</a>&gt;</span> wrote:</span><div>&nbsp;</div><div style="font-size:12px;font-family:arial">
>From protocol.c in the stunnel source:<br><br>static const struct {<br> � char *name;<br> � struct {<br> � PROTOCOL_PHASE type;<br> � FUNCTION func;<br> � } handlers[2];<br>} protocols[]={<br> � /* handlers[0] looks like the accept-side hook and handlers[1] the connect-side hook, judging by the _server and _client names (confirm against the caller); both smtp hooks are PROTOCOL_PRE_SSL, so the plaintext STARTTLS exchange runs before the TLS handshake on either side */<br> � {"proxy", {{PROTOCOL_PRE_SSL, proxy_server}, � {PROTOCOL_PRE_SSL, NULL}}},<br>
� {"cifs", � {{PROTOCOL_PRE_CONNECT, cifs_server}, {PROTOCOL_PRE_SSL, cifs_client}}},<br> � {"pgsql", {{PROTOCOL_PRE_CONNECT, pgsql_server}, � {PROTOCOL_PRE_SSL, pgsql_client}}},<br> � {"smtp", � {{PROTOCOL_PRE_SSL, smtp_server}, {PROTOCOL_PRE_SSL, smtp_client}}},<br>
� {"pop3", � {{PROTOCOL_PRE_SSL, pop3_server}, {PROTOCOL_PRE_SSL, pop3_client}}},<br> � {"imap", � {{PROTOCOL_PRE_SSL, imap_server}, {PROTOCOL_PRE_SSL, imap_client}}},<br> � {"nntp", � {{PROTOCOL_NONE, � NULL}, � {PROTOCOL_PRE_SSL, nntp_client}}},<br>
� {"connect", {{PROTOCOL_PRE_CONNECT, connect_server}, � {PROTOCOL_PRE_SSL, connect_client}}},<br> � {NULL, � {{PROTOCOL_NONE, � NULL}, � {PROTOCOL_NONE, � NULL}}}<br>};<br><br><b>STARTTLS</b> is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted (<a title="Transport Layer Security" href="http://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank">TLS</a> or <a title="Secure Socket Layer" href="http://en.wikipedia.org/wiki/Secure_Socket_Layer" target="_blank">SSL</a>) connection instead of using a separate port for encrypted communication.<br>
<br>stunnel will use one port to communicate the encrypted information. That's what it is telling you. No need to initiate a separate port when STARTTLS is sent.<br><br><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Dec 5, 2012 at 1:27 PM, John A. Wallace <span dir="ltr">&lt;<a href="mailto:jw72253@verizon.net" target="_blank">jw72253@verizon.net</a>&gt;</span> wrote:<br><blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<u></u><div><p dir="ltr"><span lang="en-us"><font face="Calibri">The Service Level Options of the manual</font></span><span lang="en-us"> <font face="Calibri">includes</font></span><span lang="en-us"><font face="Calibri"> the following point</font></span><span lang="en-us"><font face="Calibri">s:</font></span></p>
<p dir="ltr"><span lang="en-us"><b></b></span><span lang="en-us"><b></b></span><span lang="en-us"><b></b></span><a name="13b6d4d4a8cc1e71_13b6c533af526871_"><span lang="en-us"><b><font face="Times New Roman">protocol = proto</font></b></span></a><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"></span></p>
<ul dir="ltr"><ul dir="ltr"><p dir="ltr"><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman">application protocol to negotiate SSL (e.g.</font></span><span lang="en-us"><i></i></span><span lang="en-us"><i></i></span><span lang="en-us"><i> <font face="Times New Roman">starttls</font></i></span><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman"> or</font></span><span lang="en-us"><i></i></span><span lang="en-us"><i></i></span><span lang="en-us"><i> <font face="Times New Roman">stls</font></i></span><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman">)</font></span></p>
<p dir="ltr"><span lang="en-us"><i></i></span><span lang="en-us"><i></i></span><span lang="en-us"><i><font face="Times New Roman">protocol</font></i></span><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman"> option should not be used with SSL encryption on a separate port.</font></span></p>
<p dir="ltr"><span lang="en-us"><font face="Times New Roman">Currently supported protocols:</font></span></p></ul></ul><p dir="ltr"><span lang="en-us"><b><i><font face="Calibri">CIFS</font></i></b></span></p><p dir="ltr">
<span lang="en-us"><b><i><font face="Calibri">Connect</font></i></b></span></p><p dir="ltr"><span lang="en-us"><b><i><font face="Calibri">Etc..</font></i></b></span><span lang="en-us"><b><i></i></b></span></p><p dir="ltr">
<span lang="en-us"></span></p><p dir="ltr"><span lang="en-us"></span></p><p dir="ltr"><span lang="en-us"><font face="Calibri">However,</font></span><span lang="en-us"> <font face="Calibri">in the list</font></span><span lang="en-us"><font face="Calibri">ed</font></span><span lang="en-us"><font face="Calibri"> protocols supported neither</font></span><span lang="en-us"> <font face="Calibri">“</font></span><span lang="en-us"><font face="Calibri">starttls</font></span><span lang="en-us"><font face="Calibri">”</font></span><span lang="en-us"><font face="Calibri"> nor</font></span><span lang="en-us"> <font face="Calibri">“</font></span><span lang="en-us"><font face="Calibri">stls</font></span><span lang="en-us"><font face="Calibri">”</font></span><span lang="en-us"><font face="Calibri"> appears</font></span><span lang="en-us"><font face="Calibri">, even though they appear to be options as far as I can see</font></span><span lang="en-us"> <font face="Calibri">from the above explanation.</font></span><span lang="en-us"> <font face="Calibri">Am I missing something here, or s</font></span><span lang="en-us"><font face="Calibri">hould they be among those in the list, and can one use this setting:</font></span></p>
<p dir="ltr"><span lang="en-us"></span></p><p dir="ltr"><span lang="en-us"><font face="Calibri">Protocol=starttls</font></span></p><br><p dir="ltr"><span lang="en-us"><font face="Calibri">Also, I don</font></span><span lang="en-us"><font face="Calibri">’</font></span><span lang="en-us"><font face="Calibri">t really understand</font></span><span lang="en-us"> <font face="Calibri">what this</font></span><span lang="en-us"> <font face="Calibri">statement</font></span><span lang="en-us"><font face="Calibri"> is telling me:</font></span><span lang="en-us"> <font face="Calibri">“</font></span><span lang="en-us"><i></i></span><span lang="en-us"><i></i></span><span lang="en-us"><i><font face="Times New Roman">protocol</font></i></span><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman"> option should not be used with SSL encryption on a separate port.</font></span><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Times New Roman">”</font></span><span><font color="#888888"><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"></span></font></span></p>
<span><font color="#888888"></font><p dir="ltr"><font color="#888888"><span lang="en-us"></span></font></p><p dir="ltr"><span lang="en-us"></span></p><p dir="ltr"><span lang="en-us"></span><span lang="en-us"></span><span lang="en-us"><font face="Calibri">John A. Wallace</font></span></p>
<p dir="ltr"><span lang="en-us"></span></p></span></div><br>_______________________________________________<br>stunnel-users mailing list<br><a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br><br></blockquote></div><br></div></div></div></div></div>
<br></blockquote></div><br></div>