s_client -proxy / -starttls shouldn't be mutually exclusive

The option -proxy of openssl s_client works fine. The option
-starttls also works fine. However, try putting both of them
on the command line. It breaks; these options don't work together.

The problem is that the -proxy option is implemented using starttls_proto
(the option parsing code sets it to PROTO_CONNECT) and the -starttls option
overwrites the same variable again based on the argument value.

The suggested fix is to handle the -proxy option independently, before
-starttls, so that s_client can connect through an HTTP proxy server and
then use the STARTTLS command.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17925)
Vita Batrla 2022-03-18 22:02:50 +01:00 committed by Tomas Mraz
parent de56f726e1
commit 802cacf34f

@ -713,7 +713,6 @@ typedef enum PROTOCOL_choice {
PROTO_TELNET,
PROTO_XMPP,
PROTO_XMPP_SERVER,
PROTO_CONNECT,
PROTO_IRC,
PROTO_MYSQL,
PROTO_POSTGRES,
@ -1002,7 +1001,6 @@ int s_client_main(int argc, char **argv)
break;
case OPT_PROXY:
proxystr = opt_arg();
starttls_proto = PROTO_CONNECT;
break;
case OPT_PROXY_USER:
proxyuser = opt_arg();
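Review bot: Nothing in this commit documents or tests the -proxy plus -starttls combination that the OPT_PROXY case now permits by no longer setting starttls_proto. Suggest adding a sentence to the s_client manual page saying the two options can be combined and that the proxy CONNECT runs first, plus a test that passes both options together so the old overwrite behaviour cannot come back unnoticed.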
@ -2201,6 +2199,13 @@ int s_client_main(int argc, char **argv)
sbuf_len = 0;
sbuf_off = 0;
if (proxystr != NULL) {
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
}
switch ((PROTOCOL_CHOICE) starttls_proto) {
case PROTO_OFF:
break;
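Review bot: The OSSL_HTTP_proxy_connect call placed ahead of the switch still passes `0 /* no timeout */`, so a proxy that accepts the connection but never answers the CONNECT request leaves s_client blocked before any STARTTLS exchange starts. Consider passing a bounded timeout here instead of carrying the value over unchanged. A short comment would also help readers see that proxyuser and proxypass are written to sbio at this point, before the STARTTLS step and the TLS handshake, so they travel to the proxy in the clear.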
@ -2388,12 +2393,6 @@ int s_client_main(int argc, char **argv)
goto shut;
}
break;
case PROTO_CONNECT:
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
break;
case PROTO_IRC:
{
int numeric;