Reposted from: http://www.codeproject.com/Articles/98355/SMTP-Client-with-SSL-TLS
There are 2 kinds of secure connections for SMTP, one is SSL and the other is TLS. Some SMTP servers support only one kind and some support both. Generally speaking, the port for SSL is 465, and the port for TLS is 587, but this is not always the case. In addition to the ports being different, SMTP/SSL differs from SMTP/TLS in that SMTP/SSL negotiates an encrypted connection directly after the underlying TCP connection has been established, while SMTP/TLS requires that the client send a STARTTLS command to the server before they negotiate an encrypted connection.
The steps involved in SMTP/SSL are as follows:
- The client connects to the server using TCP.
- The client negotiates an encrypted connection with the server.
- The server sends a welcome message using the encrypted connection to the client.
- The client sends an EHLO command using the encrypted connection to the server.
- The server responds to the EHLO command using the encrypted connection.
The steps involved in SMTP/TLS are as follows:
- The client connects to the server using TCP.
- The server sends a welcome message using the un-encrypted connection to the client.
- The client sends an EHLO command using the un-encrypted connection to the server.
- The server responds to the EHLO command using the un-encrypted connection.
- The client sends a STARTTLS command using the un-encrypted connection to the server.
- The server responds to the STARTTLS command using the un-encrypted connection.
- The client negotiates an encrypted connection with the server.
- The client sends an EHLO command using the encrypted connection to the server.
- The server responds to the EHLO command using the encrypted connection.
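The two sequences above, modelled as a runnable script. This is an added example, not code from the CodeProject article: a scripted fake server (constructed hostname and replies) stands in for a real SMTP server, and an `encrypted` flag stands in for the TLS layer, so it runs offline. It records which lines cross the wire in the clear, and the STARTTLS client refuses to continue if the server's EHLO reply does not advertise STARTTLS, since carrying on in cleartext would be a downgrade.

```python
"""SMTP/SSL (implicit TLS) versus SMTP/TLS (STARTTLS) connection sequences.

Added example, not part of the original article.  FakeSmtpServer is a
constructed stand-in; its hostname and reply texts are made up for the demo.
"""
from dataclasses import dataclass, field


@dataclass
class FakeSmtpServer:
    """Scripted server: answers each client command from a fixed table."""
    host: str = "smtp.example.test"      # constructed hostname
    supports_starttls: bool = True
    encrypted: bool = False              # state of the (modelled) TLS layer
    log: list = field(default_factory=list)   # (encrypted, direction, line)

    def greeting(self):
        return self._reply("220 %s ESMTP ready" % self.host)

    def handle(self, command):
        self.log.append((self.encrypted, "C", command))
        if command.startswith("EHLO"):
            lines = "250-%s Hello" % self.host
            # STARTTLS is only advertised while the session is still in clear.
            if self.supports_starttls and not self.encrypted:
                lines += "\r\n250-STARTTLS"
            return self._reply(lines + "\r\n250 AUTH PLAIN LOGIN")
        if command == "STARTTLS":
            if not self.supports_starttls:
                return self._reply("454 TLS not available")
            return self._reply("220 Ready to start TLS")
        return self._reply("500 Unrecognized command")

    def negotiate_tls(self):
        self.encrypted = True            # models a successful TLS handshake

    def _reply(self, text):
        self.log.append((self.encrypted, "S", text))
        return text


def ehlo_capabilities(reply):
    """Strip the '250-' / '250 ' prefixes from a multi-line EHLO reply."""
    return [line[4:] for line in reply.splitlines()]


def smtp_over_ssl(server):
    """SMTP/SSL (usually port 465): encrypt first, then talk SMTP."""
    server.negotiate_tls()
    server.greeting()
    server.handle("EHLO client.example.test")
    return server.log


def smtp_starttls(server):
    """SMTP/TLS (usually port 587): talk in clear, then upgrade with STARTTLS."""
    server.greeting()
    ehlo = server.handle("EHLO client.example.test")
    if "STARTTLS" not in ehlo_capabilities(ehlo):
        # Do not fall back to cleartext: treat a missing STARTTLS as a failure.
        raise RuntimeError("server did not advertise STARTTLS")
    resp = server.handle("STARTTLS")
    if not resp.startswith("220"):
        raise RuntimeError("STARTTLS refused: " + resp)
    server.negotiate_tls()
    # EHLO is repeated: capabilities seen before TLS were sent in the clear.
    server.handle("EHLO client.example.test")
    return server.log


def plaintext_lines(log):
    """Lines that crossed the wire unencrypted."""
    return [line for enc, _, line in log if not enc]


if __name__ == "__main__":
    for name, fn in (("SMTP/SSL", smtp_over_ssl), ("SMTP/TLS", smtp_starttls)):
        print(name)
        for enc, who, line in fn(FakeSmtpServer()):
            print("  [%s] %s: %s" % ("TLS  " if enc else "clear", who, line.replace("\r\n", " | ")))
```

Running it prints both transcripts; with SMTP/SSL nothing is ever sent in the clear, while with STARTTLS the greeting, the first EHLO exchange and the STARTTLS exchange itself are all plaintext, which is why the client must re-issue EHLO once the channel is encrypted.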
1. Analyze:
According to conclusion (1) on the return value of SSL_shutdown:
a. Return code 0 indicates that the application issued the SSL_shutdown function first. Continue issuing the SSL_shutdown function until you receive return code 1, which indicates the remote application has also shut down.
b. SSL_shutdown() supports both uni- and bidirectional shutdown by its 2-step behaviour.
c. When the application is the first party to send the "close notify" alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's "close notify" shutdown alert. On success, the second call to SSL_shutdown() will return with 1.
2. Sample:
#include <stdio.h>
#include <unistd.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* Close an established TLS session and release the socket and OpenSSL objects. */
static void ssl_close(SSL *ssl, SSL_CTX *ctx, int sockfd)
{
    int ret = SSL_shutdown(ssl);            /* first call: sends our close_notify */
    printf("line=%d,ret=%d\n", __LINE__, ret);
    if (ret == 0)
        SSL_shutdown(ssl);                  /* call again: waits for the peer's close_notify */
    /* a negative return is a fatal error; SSL_shutdown() must not be called again */
    /* end socket */
    close(sockfd);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    ERR_free_strings();
}