openssl c_lient http proxy

Mon, 12 Jan 2015 04:00:18 -0800 

Hi,

I have always missed the possiblility to use the openssl c_lient
tool with an http proxy.  So I implemented a -proxy feature in the
same hackish way as -starttls.

Do we want that option?

bluhm

Index: usr.bin/openssl/s_client.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.11
diff -u -p -r1.11 s_client.c
--- usr.bin/openssl/s_client.c  14 Dec 2014 14:42:06 -0000      1.11
+++ usr.bin/openssl/s_client.c  9 Jan 2015 23:44:21 -0000
@@ -204,6 +204,7 @@ sc_usage(void)
        BIO_printf(bio_err, " -host host     - use -connect instead\n");
        BIO_printf(bio_err, " -port port     - use -connect instead\n");
        BIO_printf(bio_err, " -connect host:port - who to connect to (default 
is %s:%s)\n", SSL_HOST_NAME, PORT_STR);
+       BIO_printf(bio_err, " -proxy host:port - connect to http proxy\n");
 
        BIO_printf(bio_err, " -verify arg   - turn on peer certificate 
verification\n");
        BIO_printf(bio_err, " -cert arg     - certificate file to use, PEM 
format assumed\n");
@@ -338,6 +339,7 @@ s_client_main(int argc, char **argv)
        char *port = PORT_STR;
        int full_log = 1;
        char *host = SSL_HOST_NAME;
+       char *proxy = NULL, *connect = SSL_HOST_NAME;
        char *cert_file = NULL, *key_file = NULL;
        int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
        char *passarg = NULL, *pass = NULL;
@@ -412,7 +414,17 @@ s_client_main(int argc, char **argv)
                } else if (strcmp(*argv, "-connect") == 0) {
                        if (--argc < 1)
                                goto bad;
-                       if (!extract_host_port(*(++argv), &host, NULL, &port))
+                       connect = *(++argv);
+                       if (proxy == NULL) {
+                               if (!extract_host_port(connect, &host, NULL,
+                                   &port))
+                                       goto bad;
+                       }
+               } else if (strcmp(*argv, "-proxy") == 0) {
+                       if (--argc < 1)
+                               goto bad;
+                       proxy = *(++argv);
+                       if (!extract_host_port(proxy, &host, NULL, &port))
                                goto bad;
                } else if (strcmp(*argv, "-verify") == 0) {
                        verify = SSL_VERIFY_PEER;
@@ -971,8 +983,7 @@ re_start:
                BIO_free(fbio);
                BIO_printf(sbio, "AUTH TLS\r\n");
                BIO_read(sbio, sbuf, BUFSIZZ);
-       }
-       if (starttls_proto == PROTO_XMPP) {
+       } else if (starttls_proto == PROTO_XMPP) {
                int seen = 0;
                BIO_printf(sbio, "<stream:stream "
                    "xmlns:stream='http://etherx.jabber.org/streams' "
@@ -991,6 +1002,13 @@ re_start:
                if (!strstr(sbuf, "<proceed"))
                        goto shut;
                mbuf[0] = 0;
+       } else if (proxy) {
+               BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", connect);
+               mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+               if (mbuf_len == -1) {
+                       BIO_printf(bio_err, "BIO_read failed\n");
+                       goto end;
+               }
        }
        for (;;) {
                struct pollfd pfd[3];   /* stdin, stdout, socket */

Reply via email to