[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Mon May 25 06:17:38 UTC 2020
The branch master has been updated
via f7201301ef001b70109d7007a37525e233d30907 (commit)
from 9c47a3386d6733512b72f5fab43bffba6a1fe72b (commit)
- Log -----------------------------------------------------------------
commit f7201301ef001b70109d7007a37525e233d30907
Author: Marc <34656315+MarcT512 at users.noreply.github.com>
Date: Wed May 20 01:25:10 2020 +0100
s_client: Fix -proxy flag regression
s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2.
openssl s_client -connect <target> -proxy <proxy_host:proxy_port>
Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target.
Fixes https://github.com/openssl/openssl/issues/11879
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11880)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 46 +++++++++++++++++++++++++++++++---------------
1 file changed, 31 insertions(+), 15 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index e21a23da75..886b2cd8d6 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -921,6 +921,7 @@ int s_client_main(int argc, char **argv)
char *connectstr = NULL, *bindstr = NULL;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL, *host = NULL;
+ char *thost = NULL, *tport = NULL;
char *port = OPENSSL_strdup(PORT);
char *bindhost = NULL, *bindport = NULL;
char *passarg = NULL, *pass = NULL;
@@ -1599,37 +1600,49 @@ int s_client_main(int argc, char **argv)
goto opthelp;
}
#endif
- if (proxystr != NULL) {
+
+ if (connectstr != NULL) {
int res;
char *tmp_host = host, *tmp_port = port;
- if (connectstr == NULL) {
- BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
- goto opthelp;
- }
- res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
+
+ res = BIO_parse_hostserv(connectstr, &host, &port, BIO_PARSE_PRIO_HOST);
if (tmp_host != host)
OPENSSL_free(tmp_host);
if (tmp_port != port)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
- "%s: -proxy argument malformed or ambiguous\n", prog);
+ "%s: -connect argument or target parameter malformed or ambiguous\n",
+ prog);
goto end;
}
- } else {
- int res = 1;
+ }
+
+ if (proxystr != NULL) {
+ int res;
char *tmp_host = host, *tmp_port = port;
- if (connectstr != NULL)
- res = BIO_parse_hostserv(connectstr, &host, &port,
- BIO_PARSE_PRIO_HOST);
+
+ if (host == NULL || port == NULL) {
+ BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
+ goto opthelp;
+ }
+
+ /* Retain the original target host:port for use in the HTTP proxy connect string */
+ thost = OPENSSL_strdup(host);
+ tport = OPENSSL_strdup(port);
+ if (thost == NULL || tport == NULL) {
+ BIO_printf(bio_err, "%s: out of memory\n", prog);
+ goto end;
+ }
+
+ res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
if (tmp_host != host)
OPENSSL_free(tmp_host);
if (tmp_port != port)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
- "%s: -connect argument or target parameter malformed or ambiguous\n",
- prog);
+ "%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
}
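Review bot: A `-proxy` argument given without a port appears to inherit the target's port. `host` and `port` still hold the parsed `-connect` values when `BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST)` runs, and that call presumably leaves `port` untouched when the string has no service part. The client would then open its TCP connection to the proxy host on the target's port with no diagnostic. Since `port == tmp_port` after the call means no proxy port was parsed, the block could reject that case, e.g. `if (res && port == tmp_port) { BIO_printf(bio_err, "%s: -proxy argument needs an explicit port\n", prog); goto end; }`, or document the fallback next to the parse. s_client_main starts and ends outside this hunk.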
@@ -2389,7 +2402,8 @@ int s_client_main(int argc, char **argv)
}
break;
case PROTO_CONNECT:
- if (!OSSL_HTTP_proxy_connect(sbio, host, port, proxyuser, proxypass,
+ /* Here we must use the connect string target host & port */
+ if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
break;
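Review bot: The comment above `OSSL_HTTP_proxy_connect()` does not say why `host`/`port` are wrong here or when `thost`/`tport` are valid. Both are assigned only inside the `proxystr != NULL` block of the option handling, so this case relies on PROTO_CONNECT being selected only together with `-proxy`; that selection is not visible in this hunk and should be confirmed. Suggested wording: `/* host/port now name the proxy; thost/tport (set only when -proxy is given) name the CONNECT target */`. The enclosing switch continues outside the hunk.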
@@ -3138,6 +3152,8 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(bindstr);
OPENSSL_free(host);
OPENSSL_free(port);
+ OPENSSL_free(thost);
+ OPENSSL_free(tport);
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);