Ensure s_client sends SNI data when used with -proxy

The use of -proxy prevented s_client from correctly sending the target
hostname as SNI data.

Fixes #17232

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17248)

(cherry picked from commit ea24196ef224d3aa3aaecb8000004bb7a0a100a2)

diff --git a/apps/s_client.c b/apps/s_client.c
index 30a9b34ccb6fb53e1f6fdc07607a8a2380c291ec..3240467fb22aee5a2bf9d91908b3e8949b1c29d9 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -843,6 +843,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1530,6 +1531,14 @@ int s_client_main(int argc, char **argv)
             goto opthelp;
         }
 
+        if (servername == NULL && !noservername) {
+            servername = sname_alloc = OPENSSL_strdup(host);
+            if (sname_alloc == NULL) {
+                BIO_printf(bio_err, "%s: out of memory\n", prog);
+                goto end;
+            }
+        }
+
         /* Retain the original target host:port for use in the HTTP proxy connect string */
         thost = OPENSSL_strdup(host);
         tport = OPENSSL_strdup(port);
@@ -3038,6 +3047,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);