<div dir="ltr">On Mon, Feb 25, 2008 at 10:02 PM, Philipp Hancke <span dir="ltr"><<a href="mailto:fippo@goodadvice.pages.de">fippo@goodadvice.pages.de</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="Ih2E3d">Peter Saint-Andre wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Because we want to do this:<br>   openssl s_client -connect <a href="http://example.com:5223" target="_blank">example.com:5223</a> -CAfile ca.crt<br> AFAIK there is no good way to do something similar for STARTTLS<br> connections. If you know of a way, please do let us know.<br> </blockquote> <br></div> adding a xmpp-starttls to s_client is not that difficult...<br> <br> A patch (diff against good old openssl 0.9.8d) is attached.<br> Beware, detection of the starttls stream feature is not perfectly<br> reliable. Usage:<br> `openssl s_client -connect <a href="http://example.com:5222" target="_blank">example.com:5222</a> -starttls xmpp -starttls_to<br>  <a href="http://example.com" target="_blank">example.com</a>`<br></blockquote></div><br>FYI: I'd like to see this in openssl officially, so it's been reported as <a href="http://rt.openssl.org/Ticket/Display.html?id=1730">http://rt.openssl.org/Ticket/Display.html?id=1730</a><br clear="all"> <br>-- <br>- Norman Rasmussen<br> - Email: <a href="mailto:norman@rasmussen.co.za">norman@rasmussen.co.za</a><br> - Home page: <a href="http://norman.rasmussen.co.za/">http://norman.rasmussen.co.za/</a><br> </div>