diff options
| author | bluhm <> | 2015-01-13 10:48:24 +0000 |
|---|---|---|
| committer | bluhm <> | 2015-01-13 10:48:24 +0000 |
| commit | f50f23d369e87abfb087e13c58e861dbd168a9b1 (patch) | |
| tree | 91a5561d3205520c7ce3d3889cee6c9866ea8911 /src | |
| parent | 75435651a50b36d1e85f4eb4bd3df1f842912952 (diff) | |
| download | openbsd-f50f23d369e87abfb087e13c58e861dbd168a9b1.tar.gz openbsd-f50f23d369e87abfb087e13c58e861dbd168a9b1.tar.bz2 openbsd-f50f23d369e87abfb087e13c58e861dbd168a9b1.zip | |
Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/s_client.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index a079c39b9e..835b44871e 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_client.c,v 1.11 2014/12/14 14:42:06 jsing Exp $ */ | 1 | /* $OpenBSD: s_client.c,v 1.12 2015/01/13 10:48:24 bluhm Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -204,6 +204,7 @@ sc_usage(void) | |||
| 204 | BIO_printf(bio_err, " -host host - use -connect instead\n"); | 204 | BIO_printf(bio_err, " -host host - use -connect instead\n"); |
| 205 | BIO_printf(bio_err, " -port port - use -connect instead\n"); | 205 | BIO_printf(bio_err, " -port port - use -connect instead\n"); |
| 206 | BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); | 206 | BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); |
| 207 | BIO_printf(bio_err, " -proxy host:port - connect to http proxy\n"); | ||
| 207 | 208 | ||
| 208 | BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); | 209 | BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); |
| 209 | BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n"); | 210 | BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n"); |
| @@ -338,6 +339,7 @@ s_client_main(int argc, char **argv) | |||
| 338 | char *port = PORT_STR; | 339 | char *port = PORT_STR; |
| 339 | int full_log = 1; | 340 | int full_log = 1; |
| 340 | char *host = SSL_HOST_NAME; | 341 | char *host = SSL_HOST_NAME; |
| 342 | char *proxy = NULL, *connect = NULL; | ||
| 341 | char *cert_file = NULL, *key_file = NULL; | 343 | char *cert_file = NULL, *key_file = NULL; |
| 342 | int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; | 344 | int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; |
| 343 | char *passarg = NULL, *pass = NULL; | 345 | char *passarg = NULL, *pass = NULL; |
| @@ -412,8 +414,11 @@ s_client_main(int argc, char **argv) | |||
| 412 | } else if (strcmp(*argv, "-connect") == 0) { | 414 | } else if (strcmp(*argv, "-connect") == 0) { |
| 413 | if (--argc < 1) | 415 | if (--argc < 1) |
| 414 | goto bad; | 416 | goto bad; |
| 415 | if (!extract_host_port(*(++argv), &host, NULL, &port)) | 417 | connect = *(++argv); |
| 418 | } else if (strcmp(*argv, "-proxy") == 0) { | ||
| 419 | if (--argc < 1) | ||
| 416 | goto bad; | 420 | goto bad; |
| 421 | proxy = *(++argv); | ||
| 417 | } else if (strcmp(*argv, "-verify") == 0) { | 422 | } else if (strcmp(*argv, "-verify") == 0) { |
| 418 | verify = SSL_VERIFY_PEER; | 423 | verify = SSL_VERIFY_PEER; |
| 419 | if (--argc < 1) | 424 | if (--argc < 1) |
| @@ -624,6 +629,15 @@ s_client_main(int argc, char **argv) | |||
| 624 | argc--; | 629 | argc--; |
| 625 | argv++; | 630 | argv++; |
| 626 | } | 631 | } |
| 632 | if (proxy != NULL) { | ||
| 633 | if (!extract_host_port(proxy, &host, NULL, &port)) | ||
| 634 | goto bad; | ||
| 635 | if (connect == NULL) | ||
| 636 | connect = SSL_HOST_NAME; | ||
| 637 | } else if (connect != NULL) { | ||
| 638 | if (!extract_host_port(connect, &host, NULL, &port)) | ||
| 639 | goto bad; | ||
| 640 | } | ||
| 627 | if (badop) { | 641 | if (badop) { |
| 628 | bad: | 642 | bad: |
| 629 | if (errstr) | 643 | if (errstr) |
| @@ -971,8 +985,7 @@ re_start: | |||
| 971 | BIO_free(fbio); | 985 | BIO_free(fbio); |
| 972 | BIO_printf(sbio, "AUTH TLS\r\n"); | 986 | BIO_printf(sbio, "AUTH TLS\r\n"); |
| 973 | BIO_read(sbio, sbuf, BUFSIZZ); | 987 | BIO_read(sbio, sbuf, BUFSIZZ); |
| 974 | } | 988 | } else if (starttls_proto == PROTO_XMPP) { |
| 975 | if (starttls_proto == PROTO_XMPP) { | ||
| 976 | int seen = 0; | 989 | int seen = 0; |
| 977 | BIO_printf(sbio, "<stream:stream " | 990 | BIO_printf(sbio, "<stream:stream " |
| 978 | "xmlns:stream='http://etherx.jabber.org/streams' " | 991 | "xmlns:stream='http://etherx.jabber.org/streams' " |
| @@ -991,6 +1004,13 @@ re_start: | |||
| 991 | if (!strstr(sbuf, "<proceed")) | 1004 | if (!strstr(sbuf, "<proceed")) |
| 992 | goto shut; | 1005 | goto shut; |
| 993 | mbuf[0] = 0; | 1006 | mbuf[0] = 0; |
| 1007 | } else if (proxy != NULL) { | ||
| 1008 | BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", connect); | ||
| 1009 | mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); | ||
| 1010 | if (mbuf_len == -1) { | ||
| 1011 | BIO_printf(bio_err, "BIO_read failed\n"); | ||
| 1012 | goto end; | ||
| 1013 | } | ||
| 994 | } | 1014 | } |
| 995 | for (;;) { | 1015 | for (;;) { |
| 996 | struct pollfd pfd[3]; /* stdin, stdout, socket */ | 1016 | struct pollfd pfd[3]; /* stdin, stdout, socket */ |