diff options
| author | Trevor <trevp@trevp.net> | 2013-05-12 18:55:27 -0700 |
|---|---|---|
| committer | Ben Laurie <ben@links.org> | 2013-06-12 17:01:13 +0100 |
| commit | a398f821fa98b9923a426cf45b268cf4d56c89bd (patch) | |
| tree | 7bedc4b2a027f86e9d2d8cd9b4814ebddaf0c39e /ssl/ssltest.c | |
| parent | 6d84daa5d665e0de30c3d970cab65e8ade4d5b14 (diff) | |
Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
Diffstat (limited to 'ssl/ssltest.c')
| -rw-r--r-- | ssl/ssltest.c | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index db87b1a35e..f67c7eab8e 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -370,6 +370,41 @@ static int verify_npn(SSL *client, SSL *server) } #endif +#define SCT_EXT_TYPE 18 +#define TACK_EXT_TYPE 62208 + +/* These set from cmdline */ +char* serverinfo_file = NULL; +int serverinfo_sct = 0; +int serverinfo_tack = 0; +int serverinfo_sct_seen = 0; +int serverinfo_tack_seen = 0; +int serverinfo_other_seen = 0; + +static int serverinfo_cli_cb(SSL* s, unsigned short ext_type, + const unsigned char* in, unsigned short inlen, + int* al, void* arg) + { + if (ext_type == SCT_EXT_TYPE) + serverinfo_sct_seen++; + else if (ext_type == TACK_EXT_TYPE) + serverinfo_tack_seen++; + else + serverinfo_other_seen++; + return 1; + } + +static int verify_serverinfo() + { + if (serverinfo_sct != serverinfo_sct_seen) + return -1; + if (serverinfo_tack != serverinfo_tack_seen) + return -1; + if (serverinfo_other_seen) + return -1; + return 0; + } + static char *cipher=NULL; static int verbose=0; static int debug=0; @@ -449,6 +484,9 @@ static void sv_usage(void) fprintf(stderr," -npn_server - have server side offer NPN\n"); fprintf(stderr," -npn_server_reject - have server reject NPN\n"); #endif + fprintf(stderr," -serverinfo_file - have server use this file\n"); + fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n"); + fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -861,6 +899,19 @@ int main(int argc, char *argv[]) npn_server_reject = 1; } #endif + else if (strcmp(*argv,"-serverinfo_sct") == 0) + { + serverinfo_sct = 1; + } + else if (strcmp(*argv,"-serverinfo_tack") == 0) + { + serverinfo_tack = 1; + } + else if (strcmp(*argv,"-serverinfo_file") == 0) + { + if (--argc < 1) goto bad; + serverinfo_file = *(++argv); + } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -1186,6 +1237,18 @@ bad: } #endif + if (serverinfo_sct) + SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL, serverinfo_cli_cb, NULL); + if (serverinfo_tack) + SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL, serverinfo_cli_cb, NULL); + + if (serverinfo_file) + if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) + { + BIO_printf(bio_err, "missing serverinfo file\n"); + goto end; + } + c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); @@ -1643,6 +1706,12 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, goto end; } #endif + if (verify_serverinfo() < 0) + { + ret = 1; + goto err; + } + end: ret = 0; @@ -1945,6 +2014,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) goto err; } #endif + if (verify_serverinfo() < 0) + { + ret = 1; + goto err; + } ret=0; err: /* We have to set the BIO's to NULL otherwise they will be |