[openssl] master update

Matt Caswell matt at openssl.org
Wed Dec 29 15:53:20 UTC 2021


The branch master has been updated
       via  ea24196ef224d3aa3aaecb8000004bb7a0a100a2 (commit)
      from  ff7cdc15875293a330831a80d83edbafd25a9d36 (commit)


- Log -----------------------------------------------------------------
commit ea24196ef224d3aa3aaecb8000004bb7a0a100a2
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 9 16:27:47 2021 +0000

    Ensure s_client sends SNI data when used with -proxy
    
    The use of -proxy prevented s_client from correctly sending the target
    hostname as SNI data.
    
    Fixes #17232
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17248)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/s_client.c b/apps/s_client.c
index cdff15a1b6..1d73e1b39e 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -847,6 +847,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1541,6 +1542,14 @@ int s_client_main(int argc, char **argv)
             goto opthelp;
         }
 
+        if (servername == NULL && !noservername) {
+            servername = sname_alloc = OPENSSL_strdup(host);
+            if (sname_alloc == NULL) {
+                BIO_printf(bio_err, "%s: out of memory\n", prog);
+                goto end;
+            }
+        }
+
         /* Retain the original target host:port for use in the HTTP proxy connect string */
         thost = OPENSSL_strdup(host);
         tport = OPENSSL_strdup(port);
@@ -3053,6 +3062,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);


More information about the openssl-commits mailing list