[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Tue Jan 24 23:40:59 UTC 2017


The branch master has been updated
       via  ec2a0e60652c0e61e90dde367756c5d92cd882d3 (commit)
      from  9d6fcd4295fef7ebc4232aab85718a99d36cc50a (commit)


- Log -----------------------------------------------------------------
commit ec2a0e60652c0e61e90dde367756c5d92cd882d3
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Oct 5 12:37:58 2016 +0200

    s_client: Better response success check for CONNECT
    
    Instead of looking for "200" and "established" (and failing all other
    2xx responses or "Established"), let's look for a line that's not a
    header (i.e. doesn't contain a ':') and where the first space is
    followed by a '2'.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1664)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 40 ++++++++++++++++++++++++++++++----------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index f6b556d..5307eab 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2020,24 +2020,44 @@ int s_client_main(int argc, char **argv)
         break;
     case PROTO_CONNECT:
         {
-            int foundit = 0;
+            enum {
+                error_proto,     /* Wrong protocol, not even HTTP */
+                error_connect,   /* CONNECT failed */
+                success
+            } foundit = error_connect;
             BIO *fbio = BIO_new(BIO_f_buffer());
 
             BIO_push(fbio, sbio);
             BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
             (void)BIO_flush(fbio);
-            /* wait for multi-line response to end CONNECT response */
-            do {
-                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
-                if (strstr(mbuf, "200") != NULL
-                    && strstr(mbuf, "established") != NULL)
-                    foundit++;
-            } while (mbuf_len > 3 && foundit == 0);
+            /*
+             * The first line is the HTTP response.  According to RFC 7230,
+             * it's formated exactly like this:
+             *
+             * HTTP/d.d ddd Reason text\r\n
+             */
+            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            if (mbuf[8] != ' ') {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, incorrect response "
+                           "from proxy\n", prog);
+                foundit = error_proto;
+            } else if (mbuf[9] != '2') {
+                BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,
+                           &mbuf[9]);
+            } else {
+                foundit = success;
+            }
+            if (foundit != error_proto) {
+                /* Read past all following headers */
+                do {
+                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                } while (mbuf_len > 2);
+            }
             (void)BIO_flush(fbio);
             BIO_pop(fbio);
             BIO_free(fbio);
-            if (!foundit) {
-                BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog);
+            if (foundit != success) {
                 goto shut;
             }
         }
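Review bot: the return value of the first BIO_gets() is never checked before `mbuf[8]` and `mbuf[9]` are read. If the proxy closes the connection or sends a status line shorter than ten bytes, those two tests run on bytes this read did not set. Suggest treating a failed or too-short read (for example `mbuf_len < 10`) as error_proto before indexing. It would also be worth confirming that the line starts with "HTTP/", since a space at offset 8 alone does not show the peer is speaking HTTP. Smaller points: the commit message describes looking for a line without a ':', while the code inspects only the first line, so one of the two should be brought in line with the other. The new comment has "formated" for "formatted". The CONNECT-failed message ends in a space and relies on the CRLF carried in the proxy's response line to terminate the output.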

