s_client's R "feature"

Tue, 17/07/2007 - 2:28pm — tumbleweed

I’ve just spent a few hours brain-haemorrhaging over why my new Postfix server wasn’t allowing me to enter “RCPT TO:” over a STARTTLS connection. Instead it would renegotiate the TLS.

Eventually I found an e-mail by Wietse Venema saying:

Victor Duchovni:
> On Mon, Jan 22, 2007 at 04:31:12PM -0500, Wietse Venema wrote: 
> > RCPT TO:<postmaster>
> > RENEGOTIATING
>
> You got bit by the "s_client" "R" feature... try "rcpt to:" lower case,
> then it hangs up.

What utter brain damage, a non-transparent SSL client program.

Read this and be warned — we are all stupid, in the eyes of the truly mad s_client

Comments

Wed, 06/08/2008 - 11:35am — lou z (not verified)

no way

Thank you. I can’t believe that was the problem.

Wed, 10/09/2008 - 1:15pm — Calum (not verified)

I’ve just

I’ve just “encountered” this.

How insane.

Wed, 17/12/2008 - 3:28am — Peter (not verified)

OMG, you are a life saver!!

OMG, you are a life saver!! :D
Thanks. I just got bit ;)

Fri, 20/03/2009 - 6:29am — benizi (not verified)

For future reference, also note that Q is 'q'uit. That one got me while I was trying to diagnose a complicated IMAP problem, where I was prefixing my commands in alphabetical order. Apparently I'd've only gotten one command further...

(This one just bit me with Postfix.)

Fri, 20/03/2009 - 7:55pm — benizi (not verified)

...and a workaround + patch/bug-report

From looking at the code I figured out that the '-ign_eof' flag will short-circuit this behavior (with the side-effect of not being able to Ctrl+D out of the session).

But the initial surprise is pretty great, and I didn't see why anyone would ever want this particular behavior, so I also filed a bug with two patches against OpenSSL.

"#1872: [PATCH] Change 'Q' and 'R' behavior in s_client" at http://rt.openssl.org/Ticket/Display.html?id=1872

Stefano's World

Navigation