From: Matt Caswell
Date: Thu, 9 Dec 2021 16:27:47 +0000 (+0000)
Subject: Ensure s_client sends SNI data when used with -proxy
X-Git-Tag: openssl-3.2.0-alpha1~3164
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea24196ef224d3aa3aaecb8000004bb7a0a100a2;p=thirdparty%2Fopenssl.git
Ensure s_client sends SNI data when used with -proxy
The use of -proxy prevented s_client from correctly sending the target hostname as SNI data.
Fixes #17232
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17248)
---
diff --git a/apps/s_client.c b/apps/s_client.c
index cdff15a1b60..1d73e1b39ec 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -847,6 +847,7 @@ int s_client_main(int argc, char **argv)
 struct timeval tv;
 #endif
 const char *servername = NULL;
+ char *sname_alloc = NULL;
 int noservername = 0;
 const char *alpn_in = NULL;
 tlsextctx tlsextcbp = { NULL, 0 };
@@ -1541,6 +1542,14 @@ int s_client_main(int argc, char **argv)
 goto opthelp;
 }

+ if (servername == NULL && !noservername) {
+ servername = sname_alloc = OPENSSL_strdup(host);
+ if (sname_alloc == NULL) {
+ BIO_printf(bio_err, "%s: out of memory\n", prog);
+ goto end;
+ }
+ }
+
 /* Retain the original target host:port for use in the HTTP proxy connect string */
 thost = OPENSSL_strdup(host);
 tport = OPENSSL_strdup(port);
@@ -3053,6 +3062,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
 OPENSSL_free(srp_arg.srppassin);
 #endif
+ OPENSSL_free(sname_alloc);
 OPENSSL_free(connectstr);
 OPENSSL_free(bindstr);
 OPENSSL_free(bindhost);
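Review bot: In the second hunk, `servername = sname_alloc = OPENSSL_strdup(host);` treats every NULL return as an allocation failure, but OPENSSL_strdup() also returns NULL when its argument is NULL, so if `host` can be unset at this point (not visible in the hunk) s_client would exit with a misleading "out of memory" message. Guarding the block with `if (servername == NULL && !noservername && host != NULL) {` would leave that case to whatever default handling exists later in s_client_main, whose body continues outside the hunk. The default SNI value is also taken from `host` with no visible check that it is a DNS name rather than an IP literal, which RFC 6066 does not permit in the server_name extension; it is worth confirming that code further down still filters that, since `servername` is now non-NULL by the time it runs.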