[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Wed Dec 29 15:57:05 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  c680b3f9c1ed6f70d68c3c597ee4e99b4ce0fa55 (commit)
      from  5da141ff6c617505777bee174bab8d58f8b7cae5 (commit)


- Log -----------------------------------------------------------------
commit c680b3f9c1ed6f70d68c3c597ee4e99b4ce0fa55
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 9 16:27:47 2021 +0000

    Ensure s_client sends SNI data when used with -proxy
    
    The use of -proxy prevented s_client from correctly sending the target
    hostname as SNI data.
    
    Fixes #17232
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17249)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/s_client.c b/apps/s_client.c
index 121cd1444f..00effc8037 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
                        "%s: -proxy argument malformed or ambiguous\n", prog);
             goto end;
         }
+        if (servername == NULL && !noservername) {
+            res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+            if (!res) {
+                BIO_printf(bio_err,
+                        "%s: -connect argument malformed or ambiguous\n", prog);
+                goto end;
+            }
+            servername = sname_alloc;
+        }
     } else {
         int res = 1;
         char *tmp_host = host, *tmp_port = port;
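Review bot: The host parsed from `connectstr` is assigned to `servername` without checking that it is a DNS name, so with `-proxy` and an address-literal target (for example `-connect 192.0.2.1:443`, a constructed value) the address itself would be sent as SNI, which RFC 6066 does not permit in HostName. The non-proxy path appears to guard its default with `is_dNS_name(host)` later in `s_client_main`, outside this hunk, so the two paths may now behave differently. Consider assigning only for DNS names and suppressing SNI otherwise, e.g. `if (is_dNS_name(sname_alloc)) servername = sname_alloc; else noservername = 1;`, after confirming that nothing later relies on `noservername` reflecting only the command-line flag. A short comment such as `/* SNI must name the -connect target, not the proxy host */` above the block would also record why the target is parsed again here.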
@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);

