From eb4b0597c9dd6d24661b9ebf421b9ef90b54dae0 Mon Sep 17 00:00:00 2001 From: bluhm Date: Tue, 13 Jan 2015 10:48:24 +0000 Subject: [PATCH] Add the possibility to use the openssl s_client tool with an http proxy. Implement the -proxy feature in the same hackish way as -starttls. OK jsing@ --- usr.bin/openssl/s_client.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c index a079c39b9e6..835b44871e1 100644 --- a/usr.bin/openssl/s_client.c +++ b/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.11 2014/12/14 14:42:06 jsing Exp $ */ +/* $OpenBSD: s_client.c,v 1.12 2015/01/13 10:48:24 bluhm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -204,6 +204,7 @@ sc_usage(void) BIO_printf(bio_err, " -host host - use -connect instead\n"); BIO_printf(bio_err, " -port port - use -connect instead\n"); BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); + BIO_printf(bio_err, " -proxy host:port - connect to http proxy\n"); BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n"); @@ -338,6 +339,7 @@ s_client_main(int argc, char **argv) char *port = PORT_STR; int full_log = 1; char *host = SSL_HOST_NAME; + char *proxy = NULL, *connect = NULL; char *cert_file = NULL, *key_file = NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; @@ -412,8 +414,11 @@ s_client_main(int argc, char **argv) } else if (strcmp(*argv, "-connect") == 0) { if (--argc < 1) goto bad; - if (!extract_host_port(*(++argv), &host, NULL, &port)) + connect = *(++argv); + } else if (strcmp(*argv, "-proxy") == 0) { + if (--argc < 1) goto bad; + proxy = *(++argv); } else if (strcmp(*argv, "-verify") == 0) { verify = SSL_VERIFY_PEER; if (--argc < 1) @@ -624,6 +629,15 @@ s_client_main(int argc, char **argv) argc--; argv++; } + if (proxy != NULL) { + if (!extract_host_port(proxy, &host, NULL, &port)) + goto bad; + if (connect == NULL) + connect = SSL_HOST_NAME; + } else if (connect != NULL) { + if (!extract_host_port(connect, &host, NULL, &port)) + goto bad; + } if (badop) { bad: if (errstr) @@ -971,8 +985,7 @@ re_start: BIO_free(fbio); BIO_printf(sbio, "AUTH TLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } - if (starttls_proto == PROTO_XMPP) { + } else if (starttls_proto == PROTO_XMPP) { int seen = 0; BIO_printf(sbio, "