[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Wed Dec 29 15:57:05 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via c680b3f9c1ed6f70d68c3c597ee4e99b4ce0fa55 (commit)
from 5da141ff6c617505777bee174bab8d58f8b7cae5 (commit)
- Log -----------------------------------------------------------------
commit c680b3f9c1ed6f70d68c3c597ee4e99b4ce0fa55
Author: Matt Caswell <matt at openssl.org>
Date: Thu Dec 9 16:27:47 2021 +0000
Ensure s_client sends SNI data when used with -proxy
The use of -proxy prevented s_client from correctly sending the target
hostname as SNI data.
Fixes #17232
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17249)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/apps/s_client.c b/apps/s_client.c
index 121cd1444f..00effc8037 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
struct timeval tv;
#endif
const char *servername = NULL;
+ char *sname_alloc = NULL;
int noservername = 0;
const char *alpn_in = NULL;
tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
"%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
+ if (servername == NULL && !noservername) {
+ res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+ if (!res) {
+ BIO_printf(bio_err,
+ "%s: -connect argument malformed or ambiguous\n", prog);
+ goto end;
+ }
+ servername = sname_alloc;
+ }
} else {
int res = 1;
char *tmp_host = host, *tmp_port = port;
@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
#endif
+ OPENSSL_free(sname_alloc);
OPENSSL_free(connectstr);
OPENSSL_free(bindstr);
OPENSSL_free(bindhost);
More information about the openssl-commits
mailing list