Re: [PATCH] s_client: bind to local ip (ticket 2578)

Tue, 05 Nov 2013 05:45:47 -0800 

Hello,

Any idea if this patch will be integrated?

Kris

On 2013-10-28 23:31, Krzysztof Kwiatkowski wrote:

Well, maybe but it's not always possible.
In my case I have machine which is running application server that is
handling a lot of connections (SSL and not) with different partners
(kind of gateway to access some services). Machine has two interfaces
(two IPs) - first one (default) connects machine with local intranet,
second one connects machine to internet via some Firewall.
Now I want to troubleshoot some SSL connection to which I have access
only from this single machine (because of settings on firewall). And, of course, I don't want to change routing tables, because it could affect other connections (or maybe one don't have root access to change rooting 
tables).
Currently it's not possible with s_client (only) to specify which IP you 
want to use for connection. My patch fixes this situation.

In fact many other tools like curl,socat,stunnel implements such
possibility so I thought it would be useful to have it also in s_client. 
And it is useful, I'm using it a lot.

Krzysztof

On Mon, 2013-10-28 at 13:41 -0400, Watson, Patrick wrote:
Perhaps I am misunderstanding, but wouldn't this normally be accomplished by changing the route table on your multi-homed client machine? 

Patrick Watson, CISSP
Software Engineer
Data Security & Electronic Payment Systems
NCR Retail


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Krzysztof Kwiatkowski 
Sent: Sunday, October 27, 2013 6:59 PM
To: [email protected]
Subject: [PATCH] s_client: bind to local ip (ticket 2578)

Hello,
This patch implements a change in s_client that makes it possible to select local IP from which connection must be made. 

Request for such change was suggested by ticket #2578
Motivation for such functionality is that one may not find s_client useful if it tries to connect from host which has many network interfaces but only one can be used for SSL connection (and it's not default one). In such cases some tricks need to be done with tools like socat.
Please let me know if you find my patch useful or you would see it done different way. 

Best regards
Krzysztof
zt,-i_讀޽hgƢ).+-u&jם.+-1ځj:+v^%




______________________________________________________________________
OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to