Date:      Wed, 2 Nov 2005 12:35:29 +0000
From:      Brian Candler <B.Candler@pobox.com>
To:        "Meka[ni]" <mekalists@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: openssl & gmail problem
Message-ID:  <20051102123529.GA36617@uk.tiscali.com>
In-Reply-To: <20051102093504.64edad5f@hal9000>
References:  <20051102093504.64edad5f@hal9000>


On Wed, Nov 02, 2005 at 09:35:04AM +0100, Meka[ni] wrote:
> 	Why doesn't this work:
> openssl s_client -starttls smtp -connect smtp.gmail.com:25
> 
> I've tried adding -CApath /usr/local/share/ssl/certs (that's where I keep certs), but nothing changed. This is the error I get:
> CONNECTED(000000003)
> 17478:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
> 
> openssl version
> 0.9.7e
> 
> /usr/local/bin/openssl version
> 0.9.8a
> 
> None of this works. Any ideas?

Run tcpdump and/or ktrace to see what's happening.

# tcpdump -i nv0 -n -s1500 -X tcp port 25

When I do this, I see:

< 220 mx.gmail.com ESMTP g1sm241248nfe
> STARTTLS
< 503 5.5.1 EHLO/HELO first g1sm241248nfe

I think that should be clear enough. Please feel free to submit a patch to
the openssl project, so that it sends EHLO first. Remind them that you
shouldn't try to use an ESMTP extension until you've first had it announced
to you that the extension is available.

(RFC 2821 section 4.1.1.1)
"In any event, a
 client MUST issue HELO or EHLO before starting a mail transaction."

Regards,

Brian.
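
The ordering described in the reply above (read the greeting, send EHLO, confirm STARTTLS is announced, only then send STARTTLS), as an added Python example that is not part of the original message and is not OpenSSL's code. The function names, `client.example` and the scripted server replies are constructed for illustration.

```python
import io

def read_reply(rfile):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        texts.append(line[4:])
        # "250-text" means more lines follow; "250 text" (or bare "250") is the last
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), texts

def negotiate_starttls(rfile, wfile, helo_name="client.example"):
    """Plaintext part of SMTP STARTTLS; True means the TLS handshake may begin."""
    code, _ = read_reply(rfile)                    # 220 greeting
    if code != 220:
        return False
    wfile.write(b"EHLO " + helo_name.encode("ascii") + b"\r\n")
    wfile.flush()
    code, texts = read_reply(rfile)                # 250 plus the extension list
    if code != 250:
        return False
    # texts[0] is the server's greeting; the remaining lines are extension keywords
    keywords = {t.split()[0].upper() for t in texts[1:] if t.strip()}
    if "STARTTLS" not in keywords:
        return False                               # not announced, so never sent
    wfile.write(b"STARTTLS\r\n")
    wfile.flush()
    code, _ = read_reply(rfile)
    return code == 220                             # caller now wraps the socket in TLS

# Constructed server side of a session that announces STARTTLS
SAMPLE_OK = (b"220 mx.example ESMTP\r\n250-mx.example at your service\r\n"
             b"250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
             b"220 2.0.0 Ready to start TLS\r\n")

if __name__ == "__main__":
    sent = io.BytesIO()
    print(negotiate_starttls(io.BytesIO(SAMPLE_OK), sent), sent.getvalue())
```

With a real connection, `rfile` and `wfile` would come from `sock.makefile("rb")` and `sock.makefile("wb")`; a `False` result should be treated as a failure rather than a cue to continue in plaintext.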


