author | Matt Caswell <matt@openssl.org> | 2018-07-05 15:42:36 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-06 09:26:39 +0100 |
commit | bafe9cf5e34e194f299762c270843781003a84ca (patch) | |
tree | 927d4a2dba9035b9e7c15bebf6e01c04f37d8710 /apps | |
parent | 0d1b778901764f9bc747674f0e23b40c82877e6e (diff) |
Add the ability to configure recv_max_early_data via s_server
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6655)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_server.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index b0502005cc..4e8a9e27bc 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -748,8 +748,8 @@ typedef enum OPTION_choice {
 OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
- OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS,
- OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+ OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
+ OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
 OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM,
@@ -955,7 +955,9 @@ const OPTIONS s_server_options[] = {
 #endif
 {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
 {"max_early_data", OPT_MAX_EARLY, 'n',
- "The maximum number of bytes of early data"},
+ "The maximum number of bytes of early data as advertised in tickets"},
+ {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+ "The maximum number of bytes of early data (hard limit)"},
 {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
 {"num_tickets", OPT_S_NUM_TICKETS, 'n',
 "The number of TLSv1.3 session tickets that a server will automatically issue" },
@@ -1041,7 +1043,7 @@ int s_server_main(int argc, char *argv[])
 unsigned int split_send_fragment = 0, max_pipelines = 0;
 const char *s_serverinfo_file = NULL;
 const char *keylog_file = NULL;
- int max_early_data = -1;
+ int max_early_data = -1, recv_max_early_data = -1;
 char *psksessf = NULL;
 /* Init of few remaining global variables */
@@ -1570,6 +1572,13 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
 break;
+ case OPT_RECV_MAX_EARLY:
+ recv_max_early_data = atoi(opt_arg());
+ if (recv_max_early_data < 0) {
+ BIO_printf(bio_err, "Invalid value for recv_max_early_data\n");
+ goto end;
+ }
+ break;
 case OPT_EARLY_DATA:
 early_data = 1;
 if (max_early_data == -1)
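Review bot: In the `@@ -1570` hunk, the new `OPT_RECV_MAX_EARLY` case parses its argument with `atoi(opt_arg())`, which cannot signal failure: non-numeric text becomes 0 and an out-of-range number has undefined behaviour, so the `< 0` test is the only validation visible here. The option is declared with type `'n'` in the options table, which presumably lets the option parser reject malformed numbers before this case runs, but that code is not shown; if it does not, a typo would silently set the hard limit to 0 instead of printing "Invalid value for recv_max_early_data". If the parser does validate it, say so in a comment such as `/* 'n' arguments are already validated by the option parser */`; otherwise parse explicitly with `if (!opt_int(opt_arg(), &recv_max_early_data) || recv_max_early_data < 0) {`. The enclosing `switch` in `s_server_main` starts and ends outside the hunk.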
@@ -2110,6 +2119,8 @@ int s_server_main(int argc, char *argv[])
 if (max_early_data >= 0)
 SSL_CTX_set_max_early_data(ctx, max_early_data);
+ if (recv_max_early_data >= 0)
+ SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data);
 if (rev)
 server_cb = rev_body; |
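Review bot: Nothing at this call site relates the hard limit to the advertised one: when both options are given and `recv_max_early_data` is smaller than `max_early_data`, the server will advertise more early data in its tickets than it is prepared to accept. That may be deliberate in a test tool, but it should be stated, for example with `/* hard cap on accepted early data; may differ from the limit advertised in tickets */` above the new `if`, or with a warning on `bio_err` when `max_early_data > recv_max_early_data`. The return value of `SSL_CTX_set_recv_max_early_data()` is also discarded, as it is for the existing `SSL_CTX_set_max_early_data()` call on the context line above. `s_server_main` continues outside the hunk.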