Loading apps/s_client.c +48 −6 Original line number Original line Diff line number Diff line Loading @@ -481,7 +481,7 @@ typedef enum OPTION_choice { OPT_V_ENUM, OPT_V_ENUM, OPT_X_ENUM, OPT_X_ENUM, OPT_S_ENUM, OPT_S_ENUM, OPT_FALLBACKSCSV, OPT_NOCMDS OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY } OPTION_CHOICE; } OPTION_CHOICE; OPTIONS s_client_options[] = { OPTIONS s_client_options[] = { Loading @@ -490,6 +490,8 @@ OPTIONS s_client_options[] = { {"port", OPT_PORT, 'p', "Use -connect instead"}, {"port", OPT_PORT, 'p', "Use -connect instead"}, {"connect", OPT_CONNECT, 's', {"connect", OPT_CONNECT, 's', "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")"}, "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")"}, {"proxy", OPT_PROXY, 's', "Connect to via specified proxy to the real server"}, {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"}, {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, Loading Loading @@ -610,7 +612,8 @@ typedef enum PROTOCOL_choice { PROTO_IMAP, PROTO_IMAP, PROTO_FTP, PROTO_FTP, PROTO_TELNET, PROTO_TELNET, PROTO_XMPP PROTO_XMPP, PROTO_CONNECT } PROTOCOL_CHOICE; } PROTOCOL_CHOICE; static OPT_PAIR services[] = { static OPT_PAIR services[] = { Loading 
@@ -637,8 +640,8 @@ int s_client_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509_CRL) *crls = NULL; STACK_OF(X509_CRL) *crls = NULL; const SSL_METHOD *meth = TLS_client_method(); const SSL_METHOD *meth = TLS_client_method(); char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL, *mbuf = char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL; NULL; char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = NULL; NULL; Loading Loading @@ -752,8 +755,11 @@ int s_client_main(int argc, char **argv) port = atoi(opt_arg()); port = atoi(opt_arg()); break; break; case OPT_CONNECT: case OPT_CONNECT: if (!extract_host_port(opt_arg(), &host, NULL, &port)) connectstr = opt_arg(); goto end; break; case OPT_PROXY: proxystr = opt_arg(); starttls_proto = PROTO_CONNECT; break; break; case OPT_UNIX: case OPT_UNIX: unix_path = opt_arg(); unix_path = opt_arg(); Loading Loading @@ -1069,6 +1075,17 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argc = opt_num_rest(); argv = opt_rest(); argv = opt_rest(); if (proxystr) { if (connectstr == NULL) { BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); goto opthelp; } if (!extract_host_port(proxystr, &host, NULL, &port)) goto end; } else if (!extract_host_port(connectstr, &host, NULL, &port)) goto end; if (unix_path && (socket_type != SOCK_STREAM)) { if (unix_path && (socket_type != SOCK_STREAM)) { BIO_printf(bio_err, BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n"); "Can't use unix sockets and datagrams together\n"); Loading Loading 
@@ -1619,6 +1636,31 @@ int s_client_main(int argc, char **argv) if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0) if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0) goto shut; goto shut; } } break; case PROTO_CONNECT: { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); BIO_printf(fbio, "CONNECT %s\r\n\r\n", connectstr); (void)BIO_flush(fbio); /* wait for multi-line response to end CONNECT response */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); if (strstr(mbuf, "200") != NULL && strstr(mbuf, "established") != NULL) foundit++; } while (mbuf_len > 3 && foundit == 0); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) { BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog); goto shut; } } break; } } for (;;) { for (;;) { Loading doc/apps/s_client.pod +7 −0 Original line number Original line Diff line number Diff line Loading @@ -9,6 +9,7 @@ s_client - SSL/TLS client program B<openssl> B<s_client> B<openssl> B<s_client> [B<-connect host:port>] [B<-connect host:port>] [B<-proxy host:port>] [B<-servername name>] [B<-servername name>] [B<-verify depth>] [B<-verify depth>] [B<-verify_return_error>] [B<-verify_return_error>] Loading Loading @@ -100,6 +101,12 @@ manual page. This specifies the host and optional port to connect to. If not specified This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. then an attempt is made to connect to the local host on port 4433. =item B<-proxy host:port> When used with the B<-connect> flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server. =item B<-servername name> =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message. Set the TLS SNI (Server Name Indication) extension in the ClientHello message. Loading Loading
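Review bot: In apps/s_client.c, the new block after `argv = opt_rest();` calls `extract_host_port(connectstr, &host, NULL, &port)` in its `else` branch even when `-connect` was never given, so `connectstr` is still NULL there. Before this commit the call sat inside `case OPT_CONNECT`, and a run without `-connect` simply kept the `host = SSL_HOST_NAME` default. Whether extract_host_port tolerates a NULL string is not visible on this page, so I would guard the branch: `} else if (connectstr != NULL && !extract_host_port(connectstr, &host, NULL, &port))`. The same path is reached with `-unix`, where no host:port is expected. Separately, `case OPT_PROXY` assigns `starttls_proto`, so if another option assigns the same variable (presumably `-starttls`, not shown in these hunks), whichever comes last silently wins while `host`/`port` still point at the proxy; rejecting that combination with an explicit error would be clearer.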
apps/s_client.c +48 −6 Original line number Original line Diff line number Diff line Loading @@ -481,7 +481,7 @@ typedef enum OPTION_choice { OPT_V_ENUM, OPT_V_ENUM, OPT_X_ENUM, OPT_X_ENUM, OPT_S_ENUM, OPT_S_ENUM, OPT_FALLBACKSCSV, OPT_NOCMDS OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY } OPTION_CHOICE; } OPTION_CHOICE; OPTIONS s_client_options[] = { OPTIONS s_client_options[] = { Loading @@ -490,6 +490,8 @@ OPTIONS s_client_options[] = { {"port", OPT_PORT, 'p', "Use -connect instead"}, {"port", OPT_PORT, 'p', "Use -connect instead"}, {"connect", OPT_CONNECT, 's', {"connect", OPT_CONNECT, 's', "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")"}, "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")"}, {"proxy", OPT_PROXY, 's', "Connect to via specified proxy to the real server"}, {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"}, {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, Loading Loading @@ -610,7 +612,8 @@ typedef enum PROTOCOL_choice { PROTO_IMAP, PROTO_IMAP, PROTO_FTP, PROTO_FTP, PROTO_TELNET, PROTO_TELNET, PROTO_XMPP PROTO_XMPP, PROTO_CONNECT } PROTOCOL_CHOICE; } PROTOCOL_CHOICE; static OPT_PAIR services[] = { static OPT_PAIR services[] = { Loading 
@@ -637,8 +640,8 @@ int s_client_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509_CRL) *crls = NULL; STACK_OF(X509_CRL) *crls = NULL; const SSL_METHOD *meth = TLS_client_method(); const SSL_METHOD *meth = TLS_client_method(); char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL, *mbuf = char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL; NULL; char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = NULL; NULL; Loading Loading @@ -752,8 +755,11 @@ int s_client_main(int argc, char **argv) port = atoi(opt_arg()); port = atoi(opt_arg()); break; break; case OPT_CONNECT: case OPT_CONNECT: if (!extract_host_port(opt_arg(), &host, NULL, &port)) connectstr = opt_arg(); goto end; break; case OPT_PROXY: proxystr = opt_arg(); starttls_proto = PROTO_CONNECT; break; break; case OPT_UNIX: case OPT_UNIX: unix_path = opt_arg(); unix_path = opt_arg(); Loading Loading @@ -1069,6 +1075,17 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argc = opt_num_rest(); argv = opt_rest(); argv = opt_rest(); if (proxystr) { if (connectstr == NULL) { BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); goto opthelp; } if (!extract_host_port(proxystr, &host, NULL, &port)) goto end; } else if (!extract_host_port(connectstr, &host, NULL, &port)) goto end; if (unix_path && (socket_type != SOCK_STREAM)) { if (unix_path && (socket_type != SOCK_STREAM)) { BIO_printf(bio_err, BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n"); "Can't use unix sockets and datagrams together\n"); Loading Loading 
@@ -1619,6 +1636,31 @@ int s_client_main(int argc, char **argv) if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0) if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0) goto shut; goto shut; } } break; case PROTO_CONNECT: { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); BIO_printf(fbio, "CONNECT %s\r\n\r\n", connectstr); (void)BIO_flush(fbio); /* wait for multi-line response to end CONNECT response */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); if (strstr(mbuf, "200") != NULL && strstr(mbuf, "established") != NULL) foundit++; } while (mbuf_len > 3 && foundit == 0); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) { BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog); goto shut; } } break; } } for (;;) { for (;;) { Loading
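Review bot: In the new `case PROTO_CONNECT` block, success is decided by a substring match (`strstr(mbuf, "200")` together with `strstr(mbuf, "established")`) applied to every line of the proxy reply and evaluated before `mbuf_len` is checked. The buffer is therefore inspected even when `BIO_gets` failed, a non-200 reply whose text happens to contain both strings is accepted, and a plain `200 OK` is rejected. The loop also exits on the first match, so despite the comment the remaining header lines are never read up to the blank line; after `BIO_pop`/`BIO_free` they are either dropped with `fbio` or left on `sbio` for the TLS handshake to read. `BIO_new(BIO_f_buffer())` is used unchecked, and the request line carries no HTTP-version token. I would take the status code from the first line only, drain the headers to the blank line and treat anything other than 2xx as failure, as sketched below; the enclosing s_client_main starts and ends outside this hunk.

```c
    case PROTO_CONNECT:
        {
            int status = 0;
            BIO *fbio = BIO_new(BIO_f_buffer());

            if (fbio == NULL)
                goto shut;
            BIO_push(fbio, sbio);
            BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
            (void)BIO_flush(fbio);
            /* Status line first: take the code from "HTTP/1.x NNN ..." only. */
            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
            if (mbuf_len <= 0
                || sscanf(mbuf, "HTTP/1.%*1d %3d", &status) != 1)
                status = 0;
            /* Then drain the header lines up to the blank line. */
            while (mbuf_len > 2)
                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
            /* … unchanged: BIO_flush, BIO_pop, BIO_free … */
            if (status / 100 != 2) {
                /* … unchanged: "HTTP CONNECT failed" message, goto shut … */
            }
```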
doc/apps/s_client.pod +7 −0 Original line number Original line Diff line number Diff line Loading @@ -9,6 +9,7 @@ s_client - SSL/TLS client program B<openssl> B<s_client> B<openssl> B<s_client> [B<-connect host:port>] [B<-connect host:port>] [B<-proxy host:port>] [B<-servername name>] [B<-servername name>] [B<-verify depth>] [B<-verify depth>] [B<-verify_return_error>] [B<-verify_return_error>] Loading Loading @@ -100,6 +101,12 @@ manual page. This specifies the host and optional port to connect to. If not specified This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. then an attempt is made to connect to the local host on port 4433. =item B<-proxy host:port> When used with the B<-connect> flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server. =item B<-servername name> =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message. Set the TLS SNI (Server Name Indication) extension in the ClientHello message. Loading