Well, maybe, but it's not always possible.
In my case I have a machine which is running an application server that is
handling a lot of connections (SSL and not) with different partners
(a kind of gateway to access some services). The machine has two interfaces
(two IPs) - the first one (default) connects the machine with the local intranet,
the second one connects the machine to the internet via some firewall.
Now I want to troubleshoot some SSL connection to which I have access
only from this single machine (because of settings on the firewall). And, of
course, I don't want to change routing tables, because it could affect
other connections (or maybe one doesn't have root access to change routing
tables).

Currently it's not possible with s_client (only) to specify which IP you
want to use for connection. My patch fixes this situation.

In fact, many other tools like curl, socat and stunnel implement such a
possibility, so I thought it would be useful to have it also in s_client.
And it is useful, I'm using it a lot.

Krzysztof

On Mon, 2013-10-28 at 13:41 -0400, Watson, Patrick wrote:
> Perhaps I am misunderstanding, but wouldn't this normally be accomplished by 
> changing the route table on your multi-homed client machine?
> 
> Patrick Watson, CISSP
> Software Engineer
> Data Security & Electronic Payment Systems
> NCR Retail
> 
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On 
> Behalf Of Krzysztof Kwiatkowski
> Sent: Sunday, October 27, 2013 6:59 PM
> To: [email protected]
> Subject: [PATCH] s_client: bind to local ip (ticket 2578)
> 
> Hello,
> 
> This patch implements a change in s_client that makes it possible to select
> the local IP from which the connection must be made.
>
> A request for such a change was suggested by ticket #2578.
>
> The motivation for such functionality is that one may not find s_client useful if
> it tries to connect from a host which has many network interfaces but only one
> can be used for the SSL connection (and it's not the default one). In such cases some
> tricks need to be done with tools like socat.
>
> Please let me know if you find my patch useful or you would see it done
> a different way.
> 
> Best regards
> Krzysztof


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
