authorTianjia Zhang <tianjia.zhang@linux.alibaba.com>2021-09-15 11:39:51 +0800
committerPauli <pauli@openssl.org>2021-09-19 07:39:15 +1000
commite2ef7f1265e727567e8963aa2756a387a621ef71 (patch)
treead370242f607fa69877443e86890a579f5104cac /apps/s_server.c
parentbfbb62c3b0a8f8d223f84ebf7507594cee99f135 (diff)
apps/s_server: Add ktls option
From openssl-3.0.0-alpha15, KTLS is turned off by default even if the KTLS feature is compiled in, which makes it difficult to use KTLS through s_server/s_client, so an option 'ktls' is added to enable KTLS from the command line. At the same time, SSL_sendfile() depends on the KTLS feature to work properly, so the sendfile option is made to depend on the ktls option. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16609)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index c5d9221e90..9f448298f0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -716,7 +716,7 @@ typedef enum OPTION_choice {
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
- OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF,
+ OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_KTLS,
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
@@ -958,6 +958,7 @@ const OPTIONS s_server_options[] = {
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
#ifndef OPENSSL_NO_KTLS
+ {"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
{"sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW"},
#endif
@@ -1053,6 +1054,9 @@ int s_server_main(int argc, char *argv[])
int sctp_label_bug = 0;
#endif
int ignore_unexpected_eof = 0;
+#ifndef OPENSSL_NO_KTLS
+ int enable_ktls = 0;
+#endif
/* Init of few remaining global variables */
local_argc = argc;
@@ -1627,6 +1631,11 @@ int s_server_main(int argc, char *argv[])
case OPT_NOCANAMES:
no_ca_names = 1;
break;
+ case OPT_KTLS:
+#ifndef OPENSSL_NO_KTLS
+ enable_ktls = 1;
+#endif
+ break;
case OPT_SENDFILE:
#ifndef OPENSSL_NO_KTLS
use_sendfile = 1;
@@ -1694,6 +1703,11 @@ int s_server_main(int argc, char *argv[])
#endif
#ifndef OPENSSL_NO_KTLS
+ if (use_sendfile && enable_ktls == 0) {
+ BIO_printf(bio_out, "Warning: -sendfile depends on -ktls, enabling -ktls now.\n");
+ enable_ktls = 1;
+ }
+
if (use_sendfile && www <= 1) {
BIO_printf(bio_err, "Can't use -sendfile without -WWW or -HTTP\n");
goto end;
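Review bot: The new warning in the `use_sendfile && enable_ktls == 0` branch is written to `bio_out`, while the error a few lines below uses `bio_err`; a notice that the tool is switching on a TLS mode the user did not ask for is a diagnostic and should go to `bio_err`, so it is not mixed into normal server output or lost when stdout is redirected. The branch also runs before the `-WWW`/`-HTTP` validity check, so an invalid invocation first announces that it is enabling -ktls and then exits with an error; placing it after that check avoids the misleading message. Suggested line: `BIO_printf(bio_err, "Warning: -sendfile depends on -ktls, enabling -ktls now.\n");`. The second `if` block is closed outside this hunk.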
@@ -1883,6 +1897,10 @@ int s_server_main(int argc, char *argv[])
if (ignore_unexpected_eof)
SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+#ifndef OPENSSL_NO_KTLS
+ if (enable_ktls)
+ SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS);
+#endif
if (max_send_fragment > 0
&& !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
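Review bot: Setting `SSL_OP_ENABLE_KTLS` under `if (enable_ktls)` is only a request, and nothing in this hunk tells the operator whether a connection actually ended up on kernel TLS. Offload happens only when the kernel, the negotiated protocol version and the cipher suite allow it, otherwise records stay in userspace. A short comment would make this explicit, e.g. `/* Request only: falls back to userspace record processing if the kernel cannot offload */`. A post-handshake diagnostic based on `BIO_get_ktls_send(SSL_get_wbio(ssl))` and `BIO_get_ktls_recv(SSL_get_rbio(ssl))` would let users confirm which mode they are testing, which matters most for -sendfile; whether such a check already exists elsewhere in s_server.c is not visible from this diff. As a style point, the flag is tested as `enable_ktls == 0` in the earlier hunk and as a bare `enable_ktls` here.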