wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

TLSProxy/Proxy.pm: bind s_server to loopback interface.

Browse source 
Bind even test/ssltest_old.c to loopback interface. This allows to avoid
unnecessary alerts from Windows and Mac OS X firewalls.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5933)
This commit is contained in:
Andy Polyakov 2018-04-11 23:16:52 +02:00
parent d47eb76cd5
commit de5b3a8645
2 changed files with 64 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
test/ssltest_old.c
View file

@ -1836,7 +1836,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
int err_in_client = 0;
int err_in_server = 0;
acpt = BIO_new_accept("0");
acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
: "[::1]:0");
if (acpt == NULL)
goto err;
BIO_set_accept_ip_family(acpt, family);

118
util/perl/TLSProxy/Proxy.pm
View file

@ -23,54 +23,15 @@ use TLSProxy::CertificateVerify;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
my $have_IPv6 = 0;
my $have_IPv6;
my $IP_factory;
my $is_tls13 = 0;
my $ciphersuite = undef;
sub new
BEGIN
{
my $class = shift;
my ($filter,
$execute,
$cert,
$debug) = @_;
my $self = {
#Public read/write
proxy_addr => "localhost",
server_addr => "localhost",
filter => $filter,
serverflags => "",
clientflags => "",
serverconnects => 1,
reneg => 0,
sessionfile => undef,
#Public read
proxy_port => 0,
server_port => 0,
serverpid => 0,
clientpid => 0,
execute => $execute,
cert => $cert,
debug => $debug,
cipherc => "",
ciphersuitesc => "",
ciphers => "AES128-SHA",
ciphersuitess => "TLS_AES_128_GCM_SHA256",
flight => -1,
direction => -1,
partial => ["", ""],
record_list => [],
message_list => [],
};
# IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
# However, IO::Socket::INET6 is older and is said to be more widely
# deployed for the moment, and may have less bugs, so we try the latter
# first, then fall back on the code modules. Worst case scenario, we
# first, then fall back on the core modules. Worst case scenario, we
# fall back to IO::Socket::INET, only supports IPv4.
eval {
require IO::Socket::INET6;
@ -101,8 +62,50 @@ sub new
$have_IPv6 = 1;
} else {
$IP_factory = sub { IO::Socket::INET->new(@_); };
$have_IPv6 = 0;
}
}
}
my $is_tls13 = 0;
my $ciphersuite = undef;
sub new
{
my $class = shift;
my ($filter,
$execute,
$cert,
$debug) = @_;
my $self = {
#Public read/write
proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",
filter => $filter,
serverflags => "",
clientflags => "",
serverconnects => 1,
reneg => 0,
sessionfile => undef,
#Public read
proxy_port => 0,
server_port => 0,
serverpid => 0,
clientpid => 0,
execute => $execute,
cert => $cert,
debug => $debug,
cipherc => "",
ciphersuitesc => "",
ciphers => "AES128-SHA",
ciphersuitess => "TLS_AES_128_GCM_SHA256",
flight => -1,
direction => -1,
partial => ["", ""],
record_list => [],
message_list => [],
};
# Create the Proxy socket
my $proxaddr = $self->{proxy_addr};
@ -113,11 +116,16 @@ sub new
Proto => "tcp",
Listen => SOMAXCONN,
);
$self->{proxy_sock} = $IP_factory->(@proxyargs);
if ($self->{proxy_sock}) {
$self->{proxy_port} = $self->{proxy_sock}->sockport();
print "Proxy started on port ".$self->{proxy_port}."\n";
if (my $sock = $IP_factory->(@proxyargs)) {
$self->{proxy_sock} = $sock;
$self->{proxy_port} = $sock->sockport();
$self->{proxy_addr} = $sock->sockhost();
$self->{proxy_addr} =~ s/(.*:.*)/[$1]/;
print "Proxy started on port ",
"$self->{proxy_addr}:$self->{proxy_port}\n";
# use same address for s_server
$self->{server_addr} = $self->{proxy_addr};
} else {
warn "Failed creating proxy socket (".$proxaddr.",0): $!\n";
}
@ -212,11 +220,9 @@ sub start
my $execcmd = $self->execute
." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest"
." -accept 0 -cert ".$self->cert." -cert2 ".$self->cert
." -accept $self->{server_addr}:0"
." -cert ".$self->cert." -cert2 ".$self->cert
." -naccept ".$self->serverconnects;
unless ($self->supports_IPv6) {
$execcmd .= " -4";
}
if ($self->ciphers ne "") {
$execcmd .= " -cipher ".$self->ciphers;
}
@ -286,7 +292,7 @@ sub start
$self->{serverpid} = $pid;
print STDERR "Server responds on ",
$self->{server_addr}, ":", $self->{server_port}, "\n";
"$self->{server_addr}:$self->{server_port}\n";
# Connect right away...
$self->connect_to_server();
@ -301,11 +307,8 @@ sub clientstart
if ($self->execute) {
my $pid;
my $execcmd = $self->execute
." s_client -max_protocol TLSv1.3 -engine ossltest -connect "
.($self->proxy_addr).":".($self->proxy_port);
unless ($self->supports_IPv6) {
$execcmd .= " -4";
}
." s_client -max_protocol TLSv1.3 -engine ossltest"
." -connect $self->{proxy_addr}:$self->{proxy_port}";
if ($self->cipherc ne "") {
$execcmd .= " -cipher ".$self->cipherc;
}
@ -315,6 +318,9 @@ sub clientstart
if ($self->clientflags ne "") {
$execcmd .= " ".$self->clientflags;
}
if ($self->clientflags !~ m/-(no)?servername/) {
$execcmd .= " -servername localhost";
}
if (defined $self->sessionfile) {
$execcmd .= " -ign_eof";
}