author | Richard Levitte <levitte@openssl.org> | 2016-10-05 12:37:58 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-01-25 00:40:17 +0100 |
commit | ec2a0e60652c0e61e90dde367756c5d92cd882d3 (patch) | |
tree | 8a7e8082de6a547b7d2b5b240c2ce8304b7d5b45 /apps | |
parent | 9d6fcd4295fef7ebc4232aab85718a99d36cc50a (diff) | |
download | openssl-ec2a0e60652c0e61e90dde367756c5d92cd882d3.tar.gz |
s_client: Better response success check for CONNECT
Instead of looking for "200" and "established" (and failing all other
2xx responses or "Established"), let's look for a line that's not a
header (i.e. doesn't contain a ':') and where the first space is
followed by a '2'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1664)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index f6b556dd76..5307eab116 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2020,24 +2020,44 @@ int s_client_main(int argc, char **argv)
 break;
 case PROTO_CONNECT:
 {
- int foundit = 0;
+ enum {
+ error_proto, /* Wrong protocol, not even HTTP */
+ error_connect, /* CONNECT failed */
+ success
+ } foundit = error_connect;
 BIO *fbio = BIO_new(BIO_f_buffer());
 BIO_push(fbio, sbio);
 BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
 (void)BIO_flush(fbio);
- /* wait for multi-line response to end CONNECT response */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- if (strstr(mbuf, "200") != NULL
- && strstr(mbuf, "established") != NULL)
- foundit++;
- } while (mbuf_len > 3 && foundit == 0);
+ /*
+ * The first line is the HTTP response. According to RFC 7230,
+ * it's formated exactly like this:
+ *
+ * HTTP/d.d ddd Reason text\r\n
+ */
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (mbuf[8] != ' ') {
+ BIO_printf(bio_err,
+ "%s: HTTP CONNECT failed, incorrect response "
+ "from proxy\n", prog);
+ foundit = error_proto;
+ } else if (mbuf[9] != '2') {
+ BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,
+ &mbuf[9]);
+ } else {
+ foundit = success;
+ }
+ if (foundit != error_proto) {
+ /* Read past all following headers */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ } while (mbuf_len > 2);
+ }
 (void)BIO_flush(fbio);
 BIO_pop(fbio);
 BIO_free(fbio);
- if (!foundit) {
- BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog);
+ if (foundit != success) {
 goto shut;
 }
 } |
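Review bot: The status-line test right after the first `BIO_gets` indexes `mbuf[8]` and `mbuf[9]` without checking `mbuf_len`, so when the proxy closes the connection or sends a line shorter than ten bytes the decision is made on whatever the buffer held before (mbuf is set up and reused outside this hunk, so its earlier contents are presumably stale or uninitialised). A leftover '2' at offset 9 would then be accepted as a successful CONNECT and the TLS handshake would proceed on a tunnel that was never established. Guard the indexing with the length and the protocol prefix, e.g. `if (mbuf_len < 10 || strncmp(mbuf, "HTTP/", 5) != 0 || mbuf[8] != ' ') {`, which also makes the `error_proto` branch match its "not even HTTP" comment. The failure message hands the proxy-supplied `&mbuf[9]` to `bio_err` unfiltered and ends in `"%s "` rather than a newline, so it depends on the response's own line ending; s_client_main itself starts and ends outside the hunk.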