A-Shell Development History

TCPX.SBR enhancement: STARTTLS protocol now supported via a new opcode and flag (in ashell.def):

 

Limitations: As with TLS connections (introduced in 1179.0), currently only client connections (TCPOP_CONNECT) are supported. Also, the TIMER option seems to interfere with the TLS handshaking. If having problems, turn that off and just use blocking mode, in conjunction with TCPOP_CHECK to check for data.

To initiate a STARTTLS connection, use the TCPOP_CONNECT opcode, along with the TCPXFLG_TLS and TCPXFLG_STARTTLS flags to initiate the unencrypted connection. When you want to start the TLS negotiation, use whatever unencrypted means are required to inform the server that you are about to start negotiating TLS, and then call TCPX.SBR with opcode TCPOP_STARTTLS. After the successful return (STATUS=0), you will be in encrypted mode, and the TCPXFLG_STARTTLS flag will no longer be needed. (However, as mentioned in the 1179 notes, TCPXFLG_TLS is required with EVERY call to TCPX.SBR if you are using TLS or STARTTLS protocol, including those calls prior to using TCPOP_STARTTLS.)

Note: EMAILX.SBR 5.1(121) uses this new feature to support the STARTTLS protocol extension to SMTP, permitting, for example, the use of the GMAIL SMTP server.

See the notes below under 1179 for further details about the TLS extensions to TCPX.SBR.

Linux installation requirements:

# ln -s $MIAME/bin/libashtls.so.1.0.204 /usr/lib/libashtls.so.1

Windows installation requirements:

Debugging notes: Use the "SOCKS" trace option (SET TRACE SOCKS ON) to record many details about the operation of the TLS library. For even more detail (particularparticularly about the handshaking process), also set the XDEBUG trace option.