From 770215dbfdffd0a37d0c051092ae441070eec260 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Fri, 10 Feb 2017 00:41:17 -0500
Subject: learn SMTP STARTTLS
---
 Makefile | 4 ++--
 config-sockets.txt | 17 ++++++++++++-----
 tls-getcerts.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index 43520a6..d175cc3 100644
--- a/Makefile
+++ b/Makefile
@@ -6,10 +6,10 @@ all: index.html style.css jarmon-style/jquerytools.tabs.tabs-no-images.css jarmo
 index.html: tls.html.part crtsh.html.part diff.html.part jarmon.html.part
 crtsh.pem: crtsh-getcerts config-domains.txt NET-crtsh
- ./crtsh-getcerts $$(cat config-domains.txt) > $@
+ ./crtsh-getcerts $$(sed 's/#.*//' config-domains.txt) > $@
 tls.pem: tls-getcerts config-sockets.txt NET-tls
- ./tls-getcerts $$(cat config-sockets.txt) > $@
+ ./tls-getcerts $$(sed 's/#.*//' config-sockets.txt) > $@
 diff.pem: diff tls.pem crtsh.pem
 ./diff tls.pem crtsh.pem > $@
diff --git a/config-sockets.txt b/config-sockets.txt
index c064f2b..4e40ab9 100644
--- a/config-sockets.txt
+++ b/config-sockets.txt
@@ -1,7 +1,14 @@
-tcp://proton.parabola.nu:443
+tcp://parabola.nu:5222/xmpp
+#tcp://proton.parabola.nu:443
 tcp://proton.parabola.nu:465
+tcp://proton.parabola.nu:587/smtp
+
 tcp://winston.parabola.nu:443
-tcp://lukeshu.com:443
-tcp://team4272.com:443
-tcp://parabola.nu:5222/xmpp
-tcp://andrewdm.me:443
+
+tcp://ramhost.lukeshu.com:443
+
+tcp://mav.lukeshu.com:443
+#tcp://mav.lukeshu.com:25/smtp
+tcp://mav.lukeshu.com:587/smtp
+
+tcp://neo.andrewdm.me:443
diff --git a/tls-getcerts.go b/tls-getcerts.go
index d598d27..d386b90 100644
--- a/tls-getcerts.go
+++ b/tls-getcerts.go
@@ -8,6 +8,7 @@ import (
 "fmt"
 "io"
 "net"
+ "net/textproto"
 "net/url"
 "os"
 "strings"
@@ -62,6 +63,47 @@ func xmppStartTLS(connRaw net.Conn, host string) error {
 return nil
 }
+// smtpCmd is a convenience function that sends a command, and reads
+// (but discards) the response
+func smtpCmd(tp *textproto.Conn, expectCode int, format string, args ...interface{}) error {
+ id, err := tp.Cmd(format, args...)
+ if err != nil {
+ return err
+ }
+ tp.StartResponse(id)
+ defer tp.EndResponse(id)
+ _, _, err = tp.ReadResponse(expectCode)
+ return err
+}
+
+func smtpStartTLS(connRaw net.Conn, host string) error {
+ tp := textproto.NewConn(connRaw)
+
+ // let the server introduce itself
+ _, _, err := tp.ReadResponse(220)
+ if err != nil {
+ return err
+ }
+ // introduce ourself
+ localhost, err := os.Hostname()
+ if err != nil {
+ localhost = "localhost"
+ }
+ err = smtpCmd(tp, 250, "EHLO %s", localhost)
+ if err != nil {
+ err := smtpCmd(tp, 250, "HELO %s", localhost)
+ if err != nil {
+ return err
+ }
+ }
+ // starttls
+ err = smtpCmd(tp, 220, "STARTTLS")
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
 func getcert(socket string) (*x509.Certificate, error) {
 u, err := url.Parse(socket)
 if err != nil {
@@ -85,6 +127,11 @@ func getcert(socket string) (*x509.Certificate, error) {
 if err != nil {
 return nil, err
 }
+ case "/smtp":
+ err = smtpStartTLS(connRaw, host)
+ if err != nil {
+ return nil, err
+ }
 default:
 return nil, fmt.Errorf("Unknown negotiation path: %q", u.Path)
 }
-- 
cgit v1.2.3-54-g00ecf
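Review bot: The EHLO-to-HELO fallback in smtpStartTLS retries on any error, including a transport failure after which the socket is already dead, and the inner `err :=` shadows the outer variable so the caller only ever sees HELO's error rather than the original one; since STARTTLS is an ESMTP extension (RFC 3207) a server that rejects EHLO will not offer it, so the fallback should either be dropped or limited to a 5xx reply, which textproto reports as a `*textproto.Error`. The EHLO reply is read and discarded, so the code never checks that STARTTLS was advertised and relies solely on the 220 reply to the STARTTLS command; that is acceptable for a certificate-fetching tool but deserves a comment such as `// EHLO capabilities are not parsed: a server without STARTTLS rejects the command below`. Sending os.Hostname() as the EHLO argument discloses the local machine name to every configured server and is often not a valid FQDN (RFC 5321 expects an FQDN or an address literal), so a fixed literal is sufficient here. Note also that `host` is unused in this function, and that any bytes the textproto reader buffers past the 220 line are dropped rather than handed to the TLS client in getcert (outside this hunk), which is the safe direction for a client.
```go
	err = smtpCmd(tp, 250, "EHLO %s", localhost)
	if perr, ok := err.(*textproto.Error); ok && perr.Code >= 500 {
		// only a rejected EHLO is worth retrying as HELO; a transport error is fatal
		err = smtpCmd(tp, 250, "HELO %s", localhost)
	}
	if err != nil {
		return err
	}
	// … unchanged: STARTTLS command and return …
```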
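Review bot: The new `/smtp` case drives a plaintext banner/EHLO/STARTTLS exchange with no visible deadline on connRaw; getcert's dial and the switch this case belongs to start before the hunk, so if no deadline is set there, a single unresponsive or tarpitting SMTP server on port 587 stalls the whole tls.pem build, since the Makefile runs tls-getcerts over every configured socket in one process. A bounded `connRaw.SetDeadline(time.Now().Add(30 * time.Second))` before the negotiation switch covers the banner read, the STARTTLS reply and the handshake alike (add the `time` import if it is not already present); the same applies to the existing `/xmpp` case.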