Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

s_client -proxy option broken in master #17247

Closed
mattcaswell opened this issue Dec 9, 2021 · 3 comments
Closed

s_client -proxy option broken in master #17247

mattcaswell opened this issue Dec 9, 2021 · 3 comments
Labels
branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug

Comments

@mattcaswell
Copy link
Member

The s_client -proxy option no longer works in master:

$ openssl s_client -proxy localhost:8888 -connect localhost:4433 -trace
Connecting to 127.0.0.1
CONNECTED(00000003)
s_client: HTTP CONNECT failed, bad HTTP version HTT
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 70 bytes and written 65 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

This has regressed since OpenSSL 3.0 where it works fine. It was broken by commit 2ff286c in PR #15847.
@mattcaswell mattcaswell added triaged: bug The issue/pr is/fixes a bug branch: master Merge to master branch labels Dec 9, 2021
@mattcaswell
Copy link
Member Author

Ping @DDvO.

@mattcaswell mattcaswell mentioned this issue Dec 9, 2021
Closed
DDvO added a commit to siemens/openssl that referenced this issue Dec 9, 2021
@DDvO
OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing
0a71d13 
Fixes openssl#17247
@DDvO DDvO mentioned this issue Dec 9, 2021
Closed
@DDvO
Copy link
Contributor

DDvO commented Dec 9, 2021

I had a fix for this issue already in one of my open pipelines.
Extracted it to #17250.

@DDvO
Copy link
Contributor

DDvO commented Dec 10, 2021

Would be good if we had tests also for the HTTP(S) proxy functionality
such that issues like this one would have been caught right away.

Yet this appears awkward to do because some client, proxy, and server stub needs to be set up using sockets and in part with TLS.
Maybe someone who has experience with the TLS tests can provide this.

DDvO added a commit to mpeylo/cmpossl that referenced this issue Aug 5, 2022
@DDvO
OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing
edf1d62 
Fixes openssl#17247

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#17250)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing siemens/openssl
2 participants
@DDvO @mattcaswell