author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-11-26 16:46:13 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-01-04 15:05:32 +0100 |
commit | 068549f8db6d792a88bb888118001c4582f79074 (patch) | |
tree | c441bdda706cf5949cf9f59a73885b125d355dc7 /apps/cmp.c | |
parent | a8251a32a0dc449fc39f44a1768e091fcc077227 (diff) | |
download | openssl-new-068549f8db6d792a88bb888118001c4582f79074.tar.gz |
HTTP client: Work around HTTPS proxy use bug due to callback design flaw

See discussion in #17088, where the real solution was postponed to 4.0.
This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)

Diffstat (limited to 'apps/cmp.c')
-rw-r--r-- | apps/cmp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 9d0b113998..5167446cde 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1926,15 +1926,18 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) goto err; } } + if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) goto err; (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); /* info will be freed along with CMP ctx */ info->server = opt_server; info->port = server_port; - info->use_proxy = opt_proxy != NULL; + /* workaround for callback design flaw, see #17088: */ + info->use_proxy = proxy_host != NULL; info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT); info->ssl_ctx = setup_ssl_ctx(ctx, host, engine); + if (info->ssl_ctx == NULL) goto err; (void)OSSL_CMP_CTX_set_http_cb(ctx, app_http_tls_cb); |
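
Review bot: The new assignment `info->use_proxy = proxy_host != NULL;` in setup_client_ctx() relies on `proxy_host` having been resolved earlier in the function, but nothing in the visible context shows where it is set, and the added comment only points to #17088. Since the commit message says the purpose is to honour the HTTP(S) proxy environment variables, please say so in the comment itself (for example, that `proxy_host` reflects the proxy actually selected, not just the `opt_proxy` option), so that a later cleanup does not revert to `opt_proxy != NULL`. Separately, on the unchanged context line `(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);`, the return value is discarded while the comment states that `info` will be freed along with the CMP ctx; if that call can fail, the `goto err` after `setup_ssl_ctx()` would leave `info` unowned, so it is worth confirming the error path frees it.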