[openssl.org #4145] Enhancement: patch to support s_client -starttls http


[openssl.org #4145] Enhancement: patch to support s_client -starttls http

Rich Salz via RT
RFC 2817 defines upgrading HTTP/1.1 to TLS (or SSL).

Because Apache httpd supports Connection: Upgrade and Upgrade: TLS/1.x I've
gone ahead and instrumented s_client to support this behavior (and noted a
small optimization in the same logic stream for starttls support).

Attached is the patch to introduce this behavior.  It is a bit crufty, but
lacking a CUPS client that did connection upgrade to TLS, I needed
something for testing and experimentation.

I don't know that there is a justification for implementing Upgrade: h2
since this is a binary protocol that is not conducive to terminal mode :)

Source licensed by me under the OpenSSL license at
https://www.openssl.org/source/license.txt - don't see a need for a CLA,
but email me privately if so.


_______________________________________________
openssl-bugs-mod mailing list
[hidden email]
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

starttls-http.patch (3K) Download Attachment
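The RFC 2817 exchange this message refers to, as an added example that is not part of the original post or the attached patch: the client asks for the upgrade and starts the TLS handshake only if the server answers 101 with a TLS/ token. The request shape follows RFC 2817 section 3.2; the function names and sample host are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Build the mandatory-upgrade request of RFC 2817 section 3.2.
 * host and tls_token (e.g. "TLS/1.2") are caller-supplied; CR/LF in either
 * would allow header injection, so reject them. Returns length or -1. */
int build_upgrade_request(char *buf, size_t len, const char *host,
                          const char *tls_token)
{
    if (strpbrk(host, "\r\n") || strpbrk(tls_token, "\r\n"))
        return -1;
    int n = snprintf(buf, len,
                     "OPTIONS * HTTP/1.1\r\nHost: %s\r\n"
                     "Upgrade: %s\r\nConnection: Upgrade\r\n\r\n",
                     host, tls_token);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Return 1 only if the response head is a 101 whose Upgrade header names a
 * TLS/ token. Anything else means: do not start the handshake, and do not
 * carry on in cleartext as if TLS were in place. Fails closed. */
int upgrade_accepted(const char *resp)
{
    if (strncmp(resp, "HTTP/1.1 101 ", 13) != 0)
        return 0;
    const char *line = strstr(resp, "\r\n");
    while (line != NULL) {
        line += 2;
        if (strncmp(line, "\r\n", 2) == 0 || *line == '\0')
            break;                              /* end of headers */
        if (strncasecmp(line, "Upgrade:", 8) == 0) {
            const char *eol = strstr(line, "\r\n");
            const char *tok = strstr(line + 8, "TLS/");
            if (tok != NULL && (eol == NULL || tok < eol) &&
                (tok[-1] == ' ' || tok[-1] == ',' || tok[-1] == ':'))
                return 1;
        }
        line = strstr(line, "\r\n");
    }
    return 0;
}

int main(void)
{
    char req[256];                              /* constructed sample host */
    if (build_upgrade_request(req, sizeof req, "example.test", "TLS/1.2") > 0)
        fputs(req, stdout);
    return 0;
}
```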

Re: [openssl.org #4145] Enhancement: patch to support s_client -starttls http

wrowe
Please note my typo identified by a dev at httpd, Yann...

A little note, probably some missing == here:
+        else if (meth = TLSv1_2_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.2\r\n");
+        else if (meth = TLSv1_1_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.1\r\n");
+        else if (meth = TLSv1_client_method())
+            BIO_printf(fbio, "Upgrade: TLS/1.0\r\n");
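
Review bot: All three conditions in this hunk use = where == is intended, so the first branch, else if (meth = TLSv1_2_client_method()), is taken whenever that call returns a non-NULL pointer. As written, the request always advertises "Upgrade: TLS/1.2", the TLS/1.1 and TLS/1.0 branches are unreachable, and meth is overwritten with the 1.2 method regardless of what the user selected. Change each to meth == TLSv1_x_client_method(); compiling with gcc -Wall would flag these through its parentheses warning.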

Revised patch attached.




starttls-http-v2.patch (4K) Download Attachment