From 82a9120112a723a6317352135beb125bbe4c6fc3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 12 Jan 2015 23:14:35 +0100
Subject: [PATCH] gnutls-cli: added --starttls-proto option
---
 src/cli-args.def | 12 ++++++++++++
 src/cli.c | 6 ++++++
 src/socket.c | 9 ++++++++-
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/cli-args.def b/src/cli-args.def
index 05a4639..f2df073 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -88,6 +88,18 @@ flag = {
 };
 flag = {
+ name = app-proto;
+ aliases = starttls-proto;
+};
+
+flag = {
+ name = starttls-proto;
+ descrip = "The application protocol to be used to obtain the server's certificate (https, smtp, imap)";
+ arg-type = string;
+ doc = "Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation.";
+};
+
+flag = {
 name = udp;
 value = u;
 descrip = "Use DTLS (datagram TLS) over UDP";
diff --git a/src/cli.c b/src/cli.c
index 613cf4d..371b4d3 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -856,6 +856,9 @@ static int try_resume(socket_st * hd)
 ("\n\n- Connecting again- trying to resume previous session\n");
 socket_open(hd, hostname, service, udp, CONNECT_MSG);
+ if (HAVE_OPT(STARTTLS_PROTO))
+ socket_starttls(hd, OPT_ARG(STARTTLS_PROTO));
+
 hd->session = init_tls_session(hostname);
 gnutls_session_set_data(hd->session, session_data, session_data_size);
@@ -1131,6 +1134,9 @@ int main(int argc, char **argv)
 socket_open(&hd, hostname, service, udp, CONNECT_MSG);
 hd.verbose = verbose;
+ if (HAVE_OPT(STARTTLS_PROTO))
+ socket_starttls(&hd, OPT_ARG(STARTTLS_PROTO));
+
 hd.session = init_tls_session(hostname);
 if (starttls) goto after_handshake;
diff --git a/src/socket.c b/src/socket.c
index 7f17eed..262c91d 100644
--- a/src/socket.c
+++ b/src/socket.c
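Review bot: The `descrip` string of the new starttls-proto flag talks about obtaining the server's certificate and lists https, which does not match what the option drives in this commit: the branches visible in socket_starttls only handle smtp/submission and imap/imap2. Unless https is handled in the part of socket_starttls above the socket.c hunk, a user following the help text would pass a value that performs no negotiation. Suggest `descrip = "The application protocol to be used for STARTTLS (smtp, imap)";` and naming the accepted values in `doc` as well.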
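Review bot: In try_resume the new socket_starttls() call follows socket_open() directly, with no `hd->verbose = verbose;` in between, whereas main sets `hd.verbose` after socket_open() and before the same call. If socket_open() reinitialises the socket_st (which the ordering in main suggests, but is not visible here), the "Negotiating ..." and "unknown protocol" messages added in socket.c would never be printed on the resumption path. Consider adding `hd->verbose = verbose;` before the `if (HAVE_OPT(STARTTLS_PROTO))` line, or confirm that socket_open() preserves the field. try_resume starts and ends outside the hunk.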
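Review bot: In main the new socket_starttls() call runs before `if (starttls) goto after_handshake;`, so when --starttls-proto is combined with the existing starttls mode the STARTTLS command is sent to the server but the TLS handshake appears to be skipped. The peer would then be waiting for a ClientHello while the client keeps talking in cleartext. Either declare the two options mutually exclusive in cli-args.def, or guard the call with `if (HAVE_OPT(STARTTLS_PROTO) && !starttls)`. The meaning of `starttls` is inferred from its name and the jump label; main extends beyond the hunk.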
@@ -180,18 +180,25 @@ socket_starttls(socket_st * socket, const char *app_proto)
 return;
 if (strcasecmp(app_proto, "smtp") == 0 || strcasecmp(app_proto, "submission") == 0) {
+ if (socket->verbose)
+ printf("Negotiating SMTP STARTTLS\n");
+
 wait_for_text(socket->fd, "220 ", 4);
 send_line(socket->fd, "EHLO mail.example.com\n");
 wait_for_text(socket->fd, "250 ", 4);
 send_line(socket->fd, "STARTTLS\n");
 wait_for_text(socket->fd, "220 ", 4);
 } else if (strcasecmp(app_proto, "imap") == 0 || strcasecmp(app_proto, "imap2") == 0) {
+ if (socket->verbose)
+ printf("Negotiating IMAP STARTTLS\n");
+
 send_line(socket->fd, "a CAPABILITY\r\n");
 wait_for_text(socket->fd, "a OK", 4);
 send_line(socket->fd, "a STARTTLS\r\n");
 wait_for_text(socket->fd, "a OK", 4);
 } else {
- /*fprintf(stderr, "unknown protocol %s\n", app_proto);*/
+ if (socket->verbose)
+ fprintf(stderr, "unknown protocol %s\n", app_proto);
 }
 return;
-- 
2.1.4
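Review bot: An unrecognised --starttls-proto value is reported only when `socket->verbose` is set, in the final else branch, and the function then returns normally, so both callers in cli.c continue into the TLS handshake on a connection where no STARTTLS exchange took place. A mistyped protocol name would then show up as an opaque handshake failure or a stall instead of a usage error. Print the message unconditionally, `fprintf(stderr, "unknown protocol %s\n", app_proto);`, and consider terminating or returning a status the callers can check. socket_starttls begins above the hunk, so any earlier validation of app_proto is not visible here.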