Commit ec2a0e60 authored by Richard Levitte's avatar Richard Levitte
Browse files

s_client: Better response success check for CONNECT 



Instead of looking for "200" and "established" (and failing all other
2xx responses or "Established"), let's look for a line that's not a
header (i.e. doesn't contain a ':') and where the first space is
followed by a '2'.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1664)
parent 9d6fcd42

apps/s_client.c

+30 −10
Original line number Diff line number Diff line
@@ -2020,24 +2020,44 @@ int s_client_main(int argc, char **argv) 
        break;

    case PROTO_CONNECT:

        {

            int foundit = 0;

            enum {

                error_proto,     /* Wrong protocol, not even HTTP */

                error_connect,   /* CONNECT failed */

                success

            } foundit = error_connect;

            BIO *fbio = BIO_new(BIO_f_buffer());



            BIO_push(fbio, sbio);

            BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);

            (void)BIO_flush(fbio);

            /* wait for multi-line response to end CONNECT response */

            /*

             * The first line is the HTTP response.  According to RFC 7230,

             * it's formated exactly like this:

             *

             * HTTP/d.d ddd Reason text\r\n

             */

            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);

            if (mbuf[8] != ' ') {

                BIO_printf(bio_err,

                           "%s: HTTP CONNECT failed, incorrect response "

                           "from proxy\n", prog);

                foundit = error_proto;

            } else if (mbuf[9] != '2') {

                BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,

                           &mbuf[9]);

            } else {

                foundit = success;

            }

            if (foundit != error_proto) {

                /* Read past all following headers */

                do {

                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);

                if (strstr(mbuf, "200") != NULL

                    && strstr(mbuf, "established") != NULL)

                    foundit++;

            } while (mbuf_len > 3 && foundit == 0);

                } while (mbuf_len > 2);

            }

            (void)BIO_flush(fbio);

            BIO_pop(fbio);

            BIO_free(fbio);

            if (!foundit) {

                BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog);

            if (foundit != success) {

                goto shut;

            }

        }