{"id":13337933,"url":"https://github.com/Gutza/test-openssl-https-client","last_synced_at":"2025-03-11T08:32:00.669Z","repository":{"id":141762045,"uuid":"502297571","full_name":"Gutza/test-openssl-https-client","owner":"Gutza","description":"Test openssl as a client for HTTPS connections","archived":false,"fork":false,"pushed_at":"2022-06-11T15:39:57.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-23T20:11:16.490Z","etag":null,"topics":["https","openssl","tls"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Gutza.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-11T08:52:34.000Z","updated_at":"2022-06-11T12:00:53.000Z","dependencies_parsed_at":null,"dependency_job_id":"bedc1f65-e7f5-4810-8d9f-a6bd02acb4de","html_url":"https://github.com/Gutza/test-openssl-https-client","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gutza%2Ftest-openssl-https-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gutza%2Ftest-openssl-https-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gutza%2Ftest-openssl-https-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gutza%2Ftest-openssl-https-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/Gutza","download_url":"https://codeload.github.com/Gutza/test-openssl-https-client/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243000811,"owners_count":20219747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["https","openssl","tls"],"created_at":"2024-07-29T19:15:16.250Z","updated_at":"2025-03-11T08:32:00.660Z","avatar_url":"https://github.com/Gutza.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenSSL Test Client Workbench\r\n\r\nI built this workbench while investigating a [bug in Azure](https://stackoverflow.com/questions/72545162/unexpected-post-size-limit-for-azure-app-service-with-tls-mutual-authentication/72582490)\r\nwhich stumped me for a few frustrating days. I wanted to be able to **test making HTTPS requests to servers using various versions of OpenSSL**\r\nwithout messing up my computer's default libraries.\r\n\r\nThis is only tested on Linux/WSL. The proxy should run on anything, and the shell script _should_ be easily adapted to be portable;\r\nthe only real trick in the shell script are the parameters for `config`, everything else is just convenience.\r\n\r\n## Hello world\r\n1. Clone the repo locally;\r\n1. Start the proxy: `node proxy.js`\r\n1. 
Visit [http://localhost:8080/](http://localhost:8080/).\r\n\r\nNotice that you're using **http**://localhost:8080 to access **https**://www.google.com/ using the openssl binary specified in\r\nvariable `openssl_binary` to handle the TLS layer.\r\n\r\n## Using other versions of OpenSSL\r\n1. Clone the repo locally, if you haven't already;\r\n1. Download and build any official version of OpenSSL by running `./setup-openssl.sh 1.1.1n` (or any other version number, including 3.x).\r\n   \r\n   **This is safe**, the script doesn't attempt to actually install the new version in your OS – it just downloads, configures, and builds\r\n   the binary; it never even attempts to escalate privileges, and everything happens locally.\r\n\r\n   **IMPORTANT!** Despite my best efforts to properly handle paths with spaces in the shell script, I found it's impossible to build\r\n   some versions of openssl out of the box if your path contains spaces (I know for a fact this doesn't work for 1.1.1o, not sure about\r\n   other versions.) Caveat emptor.\r\n\r\n   You can also supply magic word `github` instead of a valid version number; that will cause it to clone the `master` branch from\r\n   https://github.com/openssl/openssl, and it will try to build that. You can even run that several times, and it will download the\r\n   newest version every time (as opposed to providing a version number, which it refuses to re-download).\r\n   Be advised this takes ages – but that's life on the cutting edge.\r\n   \r\n1. Assuming everything works out well, you'll get a confirmation message at the end of the script which includes instructions on how to use\r\n   your new binary.\r\n\r\n1. (_Optional_) Confirm that your new binary is actually linked against the local libraries: compare the output of `ldd` when executed against\r\n   your new binary versus the output of `ldd $(which openssl)`;\r\n1. Start the proxy: `node proxy.js`\r\n1. 
Visit [http://localhost:8080/](http://localhost:8080/)\r\n\r\nNotice that you're now using the newly-compiled openssl to handle the TLS layer.\r\n\r\n## Other scenarios\r\nYou'll typically want to test your own website. Edit `remoteHost` and `remotePort` in `proxy.js` to indicate where you want the proxy to connect.\r\n\r\nIf you want to use mutual TLS authentication or any other openssl option just append stuff to the `openssl_params` array in `proxy.js` (there's already an example commented out in there).\r\nWhatever you do, don't remove parameter `-ign_eof`.\r\n\r\nIf you want to bind locally to another port just change the value of `localPort` in `proxy.js`.\r\n\r\nYou can of course use `curl`, `wget`, or any other thing which understands HTTP in order to send requests and parse responses, instead of your browser; use tunnels or VPNs to expose the endpoint wherever.\r\n\r\n## Known limitations\r\nI implemented this as a one-off investigative tool, so there are tons of limitations:\r\n- you can't set up anything dynamically, or even at runtime (the path to the local port, remote host, and remote port are all hardcoded);\r\n- the code is really poorly optimized and not robust enough (there are a few scenarios where the whole thing comes crashing down; I never had the time, nor the interest to investigate and fix that);\r\n- you can't bind to specific local interfaces or IP addresses;\r\n- connections are not handled elegantly at all – the proxy has extremely limited understanding of what it's doing, so it just keeps sockets lying around until something dies;\r\n- the way I'm injecting the Host header will bring shame to my family for generations to 
come.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGutza%2Ftest-openssl-https-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGutza%2Ftest-openssl-https-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGutza%2Ftest-openssl-https-client/lists"}