[stunnel-users] RFC 2487 test in smtp_server not reliable

Hans Werner Strube strube at physik3.gwdg.de
Tue Aug 22 10:55:12 CEST 2006


In protocol.c, function smtp_server(), a test for plain SSL or STARTTLS
usage (RFC 2487) is based on the availability of data from the client
(c->local_rfd.fd). This works well in fast LANs but often fails for WAN
connections through slow V90 modems. Especially with new Mozilla-based clients
(also KMail and Evolution reported by other users) under Windows XP SP2 the
test for data fails almost always, incorrectly resulting in an RFC 2487
handshake with error "Unknown client EHLO". This depends to some extent on
the client: Outlook Express mostly works, Mozilla 1.7.x often worked after
initial failure, SeaMonkey 1.x always fails.

This seems to be a timing problem. I tried inserting a "usleep(50000);"
before the switch(s_poll_wait(...)), which made SSL work with SeaMonkey
(but often not for the first mail-sending attempt). Unfortunately, in
Solaris 7 (where I tested stunnel), usleep is not yet thread-safe; maybe
nanosleep(...,...) is preferable. Instead of waiting, a better method would
be to have a finer timeout resolution than 1 sec in s_poll_wait(...,...);
setting the timeout to 1 (sec) would be too embarrassing for TLS
connections. But this would require major changes in the sources.
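
The race described in the message above, reproduced as an added example (not part of the original post and not stunnel's code): a server that classifies a client as plain SSL or RFC 2487 by whether data is already readable, run against a simulated slow link. The names `classify_client` and `simulate`, the socketpair/fork setup and the delay values are constructed for illustration; `poll()` is used because its timeout has millisecond resolution.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum client_mode { MODE_ERROR = -1, MODE_STARTTLS = 0, MODE_PLAIN_SSL = 1 };

/* A plain-SSL client speaks first (ClientHello); an RFC 2487 client stays
   silent until it sees the server greeting. Wait up to timeout_ms for data. */
static enum client_mode classify_client(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0) return MODE_ERROR;
    return (n > 0 && (p.revents & POLLIN)) ? MODE_PLAIN_SSL : MODE_STARTTLS;
}

/* Constructed scenario: the client's first byte (0x16, the TLS handshake
   record type) reaches the server delay_ms after the connection is set up. */
static enum client_mode simulate(int delay_ms, int timeout_ms) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return MODE_ERROR;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return MODE_ERROR; }
    if (pid == 0) {                      /* child: client behind a slow link */
        close(sv[0]);
        poll(NULL, 0, delay_ms);         /* millisecond sleep without usleep */
        if (write(sv[1], "\x16", 1) != 1) _exit(1);
        _exit(0);
    }
    close(sv[1]);                        /* parent: server side */
    enum client_mode m = classify_client(sv[0], timeout_ms);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return m;
}

int main(void) {
    /* Same SSL client, same 200 ms link; only the server's wait differs. */
    printf("no wait:      %d\n", simulate(200, 0));    /* misread as STARTTLS */
    printf("1000 ms wait: %d\n", simulate(200, 1000)); /* read as plain SSL */
    return 0;
}
```

Whatever wait is chosen is paid in full by every client that really is waiting for the greeting, which is the cost the message weighs against a 1-second timeout.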


