Why must I sweat-blood for gmail-TLS/SSL ?!

Discussion in 'Linux Networking' started by Avoid9Pdf, Mar 11, 2013.

  1. Avoid9Pdf

    Avoid9Pdf Guest

    When I'm such a nice guy; and even the dog says so.
    ===============> `expect` log ==
    spawn openssl s_client -host smtp.gmail.com -port 587 -starttls smtp
    CONNECTED(00000004)
    depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
    0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
    Server certificate .....
    -----BEGIN CERTIFICATE-----
    MIIDgDCCAumgAwIBAgIKO3T/ewAAAABoqDANBgkqhkiG9w0BAQUFADBGMQswCQYD
    ....
    -----END CERTIFICATE----- ...
    No client certificate CA names sent
    ---
    SSL handshake has read 1951 bytes and written 339 bytes
    ....
    Verify return code: 20 (unable to get local issuer certificate)
    ---
    250 ENHANCEDSTATUSCODES <-- start after openssl dance

    EHLO gmail.com
    250-mx.google.com at your service, [41.174.54.208] <- good

    250-SIZE 35882577

    250-8BITMIME

    250-AUTH LOGIN PLAIN XOAUTH XOAUTH2

    250 ENHANCEDSTATUSCODES

    AUTH LOGIN <-- I just guessed this after PLAIN failed: IIRC
    334 VXNlcm5hbWU6

    <USER ID>
    334 UGFzc3dvcmQ6

    <USER pswd>
    235 2.7.0 Accepted <--thank you !

    MAIL FROM: <> <-- **
    250 2.1.0 OK j4sm14835914wiz.10 - gsmtp

    RCPT TO:<[email protected]> <-- valid adr in triangular brackets **
    RENEGOTIATING <-- WHAT ? WHY ?!
    DATA <-- no feedback from server, after here; except echo.
    Subject: gSMTP-TLS/SSL ? g2l ?
    Date: gSMTP: day
    Line after space-line separator
    line-2
    line-3
    line-4
    ..
    .. <-- echo of EXTRA <terminator> sent

    `expect` exited but didn't log the 'rest',
    as the following tail of expect 'should have'?
    ......
    send "Subject: gSMTP-TLS/SSL ? g2l ?\r"
    send "Date: gSMTP: day\r"
    send "Line after space-line separator\r"
    send "line-2\r"
    send "line-3\r"
    send "line-4\r"
    send ".\r"
    send ".\r"
    expect 250


    send "quit\r"
    #send "quit"
    expect OK

    exit 0
    -------- end of expect-tail

    The email didn't arrive at <Adr2>@gmail.com,
    nor at the other <[email protected]>;
    whereas LATER test-mails sent via `links` did arrive.

    Q. Is there something obvious that I'm missing?

    == TIA.
     
    Avoid9Pdf, Mar 11, 2013
    #1

  2. That’s documented behavior for s_client:

    If a connection is established with an SSL server then any data
    received from the server is displayed and any key presses will be
    sent to the server. When used interactively (which means neither
    -quiet nor -ign_eof have been given), the session will be
    renegotiated if the line begins with an R, and if the line begins
    with a Q or if end of file is reached, the connection will be
    closed down.
     
    Richard Kettlewell, Mar 11, 2013
    #2
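As an added illustration (not code from the thread or from OpenSSL), this sketch applies the rule quoted in reply #2 to an expect script like the one in post #1 and reports which sent lines interactive s_client would consume instead of forwarding to the server. The script text and recipient address are constructed, and the rule is applied to the literal capital letters R and Q as the quoted manual text writes them.

```python
import re

# Constructed sample modelled on the expect tail in post #1;
# the recipient address is a placeholder.
EXPECT_SCRIPT = r'''
send "MAIL FROM: <>\r"
expect 250
send "RCPT TO:<user@example.com>\r"
expect 250
send "DATA\r"
send "Subject: gSMTP-TLS/SSL ? g2l ?\r"
send "\r"
send "Regards from line-2\r"
send ".\r"
expect 250
send "quit\r"
#send "QUIT\r"
'''

# Matches an uncommented `send "..."` and captures the quoted payload.
SEND_RE = re.compile(r'^\s*send\s+"((?:[^"\\]|\\.)*)"', re.MULTILINE)

def sent_lines(script):
    """Payload of each expect `send`, with trailing \\r / \\n escapes removed."""
    return [re.sub(r'(\\r|\\n)+$', '', m.group(1))
            for m in SEND_RE.finditer(script)]

def s_client_action(line):
    """What s_client does with a typed line when neither -quiet nor -ign_eof is given."""
    if line.startswith("R"):      # assumption: capital R only, as quoted
        return "renegotiate"
    if line.startswith("Q"):      # assumption: capital Q only, as quoted
        return "close"
    return "forward"

def audit(script):
    """Return (line, action) for every sent line that never reaches the server."""
    findings = []
    for line in sent_lines(script):
        action = s_client_action(line)
        if action != "forward":
            findings.append((line, action))
    return findings

if __name__ == "__main__":
    for line, action in audit(EXPECT_SCRIPT):
        print(f"{action:12} {line!r}")
```

Note that a message body line can trip the same rule as an SMTP command; running s_client with -quiet or -ign_eof, the two options named in the quoted text, takes it out of interactive mode.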

  3. Avoid9Pdf

    Avoid9Pdf Guest

    OK, thanks: that's an elaboration on the Wikipedia's
    <at any time, either side may renegotiate..>

    I promised myself to not open this can-o-worms, and I've failed
    my promise. Nothing has improved since the days of 300 Baud modems.
     
    Avoid9Pdf, Mar 12, 2013
    #3
  4. Thor Kottelin, Mar 12, 2013
    #4
  5. s_client is a diagnostic tool, very useful for testing the SSL protocol
    interactions of a server, but not intended for carrying normal traffic.
    You'll have a lot less grief if you use stunnel to carry your connection.
     
    Robert Nichols, Mar 12, 2013
    #5