Re: [openssl-dev] [openssl.org #4145] Enhancement: patch to support s_client -starttls http

Wed, 18 Nov 2015 00:22:15 -0800 

Hi Bill,

thanks, this will be quite useful.

A little note, probably some missing == here:
+        else if (meth = TLSv1_2_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.2\r\n");
+        else if (meth = TLSv1_1_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.1\r\n");
+        else if (meth = TLSv1_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.0\r\n");
+

Cheers,
Yann.

On Wed, Nov 18, 2015 at 1:10 AM, William A Rowe Jr <[email protected]> wrote:
> I'm fairly certain this will be applied to 1.1.0 and not necessarily
> backported to 1.0.2, so this hack might be useful to some of you
> who want to test for the preservation of the SSLEngine optional
> Upgrade: TLS/1.0 behavior on trunk and 2.4.x branch...
>
>
>
> ---------- Forwarded message ----------
> From: William A. Rowe Jr. via RT <[email protected]>
> Date: Tue, Nov 17, 2015 at 5:26 PM
> Subject: [openssl-dev] [openssl.org #4145] Enhancement: patch to support
> s_client -starttls http
> To:
> Cc: [email protected]
>
>
> RFC 2817 defines upgrading HTTP/1.1 to TLS (or SSL).
>
> Because Apache httpd supports Connection: Upgrade and Upgrade: TLS/1.x I've
> gone ahead and instrumented s_client to support this behavior (and noted a
> small optimization in the same logic stream for starttls support).
>
> Attached is the patch to introduce this behavior.  It is a bit crufty, but
> lacking a CUPS client that did connection upgrade to TLS, I needed
> something for testing and experimentation.
>
> I don't know that there is a justification for implementing Upgrade: h2
> since this is a binary protocol that is not conducive to terminal mode :)
>
> Source licensed by me under the OpenSSL license at
> https://www.openssl.org/source/license.txt - don't see a need for a CLA,
> but email me privately if so.
>
>
> _______________________________________________
> openssl-bugs-mod mailing list
> [email protected]
> https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>

Reply via email to