Fix CONNECT request for IPv6 targets in OSSL_HTTP_proxy_connect

When server contains a bare IPv6 address, OSSL_HTTP_proxy_connect() must
wrap it in square brackets for the CONNECT request line (e.g.,
CONNECT [::1]:443 HTTP/1.0).  Also handle the case where the server
string already includes brackets (as returned by OSSL_HTTP_parse_url).

Fixes: 29f178bddfdb ("Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c")
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Tue Mar 24 17:32:06 2026
(Merged from https://github.com/openssl/openssl/pull/30384)

(cherry picked from commit b721a59fef180311d62a932c2d5be8a83942cbbe)

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 16f263d3275c8f9e1dfdba541317ebfed3423493..f9f7bff0d11d522b7059f77121cecd28654f740e 100644 (file)
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1466,7 +1466,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
     }
     BIO_push(fbio, bio);
 
-    BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
+    /* Add square brackets around a naked IPv6 address */
+    if (server[0] != '[' && strchr(server, ':') != NULL)
+        BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port);
+    else
+        BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
 
     /*
      * Workaround for broken proxies which would otherwise close