The branch master has been updated via ea24196ef224d3aa3aaecb8000004bb7a0a100a2 (commit) from ff7cdc15875293a330831a80d83edbafd25a9d36 (commit)
- Log ----------------------------------------------------------------- commit ea24196ef224d3aa3aaecb8000004bb7a0a100a2 Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 9 16:27:47 2021 +0000 Ensure s_client sends SNI data when used with -proxy The use of -proxy prevented s_client from correctly sending the target hostname as SNI data. Fixes #17232 Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17248) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index cdff15a1b6..1d73e1b39e 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -847,6 +847,7 @@ int s_client_main(int argc, char **argv) struct timeval tv; #endif const char *servername = NULL; + char *sname_alloc = NULL; int noservername = 0; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; @@ -1541,6 +1542,14 @@ int s_client_main(int argc, char **argv) goto opthelp; } + if (servername == NULL && !noservername) { + servername = sname_alloc = OPENSSL_strdup(host); + if (sname_alloc == NULL) { + BIO_printf(bio_err, "%s: out of memory\n", prog); + goto end; + } + } + /* Retain the original target host:port for use in the HTTP proxy connect string */ thost = OPENSSL_strdup(host); tport = OPENSSL_strdup(port); @@ -3053,6 +3062,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_SRP OPENSSL_free(srp_arg.srppassin); #endif + OPENSSL_free(sname_alloc); OPENSSL_free(connectstr); OPENSSL_free(bindstr); OPENSSL_free(bindhost);