[英]Proxy authentication with s_client
Note: this is not a duplicate of openssl s_client using a proxy , as I am specifically interested in proxy authentication, not the ability to use proxy.注意:这不是使用代理的openssl s_client的副本,因为我对代理身份验证特别感兴趣,而不是使用代理的能力。
I'm using openssl s_client
to inspect certificates of the target server to understand how/where the connection works or not.我正在使用
openssl s_client
检查目标服务器的证书以了解连接的工作方式/位置。 As I'm behind a corporate proxy, I can specify the proxy server with -proxy
flag, however I need to pass authentication details (username/password) to this proxy - and I haven't figured out how to do that.由于我在公司代理后面,我可以使用
-proxy
标志指定代理服务器,但是我需要将身份验证详细信息(用户名/密码)传递给该代理 - 我还没有想出如何做到这一点。
openssl s_client -proxy my.proxy.server:8080 -connect my.target.host
successfully connect to the proxy server, however, understandably, results in error s_client: HTTP CONNECT failed: 407 Unauthorized
.成功连接到代理服务器,但是,可以理解的是,会导致错误
s_client: HTTP CONNECT failed: 407 Unauthorized
。
Passing proxy server in the form of user:pass@my.proxy.server
or http://user:pass@my.proxy.server
both result in error s_client: -proxy argument malformed or ambiguous
.以
user:pass@my.proxy.server
或http://user:pass@my.proxy.server
的形式传递代理服务器都会导致错误s_client: -proxy argument malformed or ambiguous
。
How can I pass proxy authentication to s_client?如何将代理身份验证传递给 s_client? I would find it hard to believe that it supports proxy but not authenticated proxy.
我很难相信它支持代理但不支持经过身份验证的代理。
I'm using openssl version 1.1.1a.我正在使用 openssl 版本 1.1.1a。
You can use escape-from-intranet https://github.com/quaddy-services/escape-from-intranet#introduction您可以使用转义内网https://github.com/quaddy-services/escape-from-intranet#introduction
and specify并指定
host=my.proxy.server主机=我的.proxy.server
port=8080端口=8080
in the app and use在应用程序中并使用
openssl s_client -proxy localhost:3128 -connect my.target.host
and your local running application will enrich the real proxy call with your credentials.并且您本地运行的应用程序将使用您的凭据丰富真正的代理调用。
(In case you have a transparent proxy you need to switch the default proxy decision to "PROXY" in the "Decision" Menu) (如果您有透明代理,您需要在“决策”菜单中将默认代理决策切换为“代理”)
openssl v3.0 will supports proxy_user
and proxy_pass
options. openssl v3.0 将支持
proxy_user
和proxy_pass
选项。
no solution for now, the syntax after proxy is目前没有解决方案,代理后的语法是
host + ':' + service
host + ':' + '*'
host + ':'
':' + service
'*' + ':' + service
host
service
Just to follow up on @Arnaud Grandville's answer: OpenSSL v3 beta 1 has now been released, and it includes proxy authentication options.只是为了跟进@Arnaud Grandville 的回答:OpenSSL v3 beta 1 现已发布,它包括代理身份验证选项。 You have to compile it yourself, however.
但是,您必须自己编译它。
Unfortunately in v3 beta 1 the HTTP code had some issues so you can't use the code from their website as-is.不幸的是,在 v3 beta 1 中,HTTP 代码存在一些问题,因此您无法按原样使用其网站上的代码。 Anyone looking to compile from source can use the commands below to get an OpenSSL installation with working proxy authentication:
任何希望从源代码编译的人都可以使用以下命令来获得具有工作代理身份验证的 OpenSSL 安装:
git clone --branch openssl-3.0.0-beta1 https://github.com/openssl/openssl.git
cd openssl
git fetch
git checkout 6a1f9cd -- crypto/http/http_client.c
./Configure
make
make install
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.