s_client -proxy / -starttls shouldn't be mutually exclusive
authorVita Batrla <vitezslav.batrla@oracle.com>
Fri, 18 Mar 2022 21:02:50 +0000 (22:02 +0100)
committerTomas Mraz <tomas@openssl.org>
Thu, 5 May 2022 11:36:23 +0000 (13:36 +0200)
The option -proxy of openssl s_client works fine. The option
-starttls also works fine. However, try putting both of them
on command line. It breaks, these options don't work together.

The problem is that -proxy option is implemented using starttls_proto
(the option parsing code sets it to PROTO_CONNECT) and -starttls option
overwrites the same variable again based on argument value.

The suggested fix is to independently handle -proxy option before
-starttls so the s_client can connect through HTTP proxy server and
then use STARTTLS command.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17925)

apps/s_client.c

index e4972a2ec719d2961d0d2163e8a45b611b267d20..1ed5f753e6dc9e63eedfe040f3b9b123386cceae 100644 (file)
@@ -713,7 +713,6 @@ typedef enum PROTOCOL_choice {
     PROTO_TELNET,
     PROTO_XMPP,
     PROTO_XMPP_SERVER,
-    PROTO_CONNECT,
     PROTO_IRC,
     PROTO_MYSQL,
     PROTO_POSTGRES,
@@ -1002,7 +1001,6 @@ int s_client_main(int argc, char **argv)
             break;
         case OPT_PROXY:
             proxystr = opt_arg();
-            starttls_proto = PROTO_CONNECT;
             break;
         case OPT_PROXY_USER:
             proxyuser = opt_arg();
@@ -2201,6 +2199,13 @@ int s_client_main(int argc, char **argv)
     sbuf_len = 0;
     sbuf_off = 0;
 
+    if (proxystr != NULL) {
+        /* Here we must use the connect string target host & port */
+        if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
+                                     0 /* no timeout */, bio_err, prog))
+            goto shut;
+    }
+
     switch ((PROTOCOL_CHOICE) starttls_proto) {
     case PROTO_OFF:
         break;
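Review bot: The comment carried over with the `if (proxystr != NULL)` block still only says which host and port to use, not why the block has to sit ahead of `switch ((PROTOCOL_CHOICE) starttls_proto)`, and that ordering is the whole fix. I would reword it to something like `/* Open the HTTP CONNECT tunnel to thost:tport first; any -starttls exchange below then runs through it */`. The same comment could note that `proxyuser`/`proxypass` are handed to the proxy over `sbio` at this point, which appears to be before any TLS handshake, so they are presumably not protected by the TLS session being set up. It could also say that the `0 /* no timeout */` argument lets a proxy that accepts the connection but never answers the CONNECT stall the client indefinitely. `s_client_main` begins and ends outside this hunk, so the state of `sbio` here is inferred from the visible lines only.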
@@ -2388,12 +2393,6 @@ int s_client_main(int argc, char **argv)
                 goto shut;
         }
         break;
-    case PROTO_CONNECT:
-        /* Here we must use the connect string target host & port */
-        if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
-                                     0 /* no timeout */, bio_err, prog))
-            goto shut;
-        break;
     case PROTO_IRC:
         {
             int numeric;