Add header validation option to ipptool.

Update HTML versions of man pages.

diff --git a/CHANGES.md b/CHANGES.md
index ad406c9c059c928dde8857e415a6a8fe3f9c1dd0..62a8b81a99b1e868c34184976ab6867dd5571474 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -38,6 +38,7 @@ CHANGES IN CUPS V2.2.5
 - CUPS now sends the `Date` HTTP header in IPP requests (rdar://33302034)
 - The `ippCopyAttribute` function did not copy out-of-band values correctly
   (rdar://33688003)
+- The `ipptool` program now offers an option to validate response headers.
 
 
 CHANGES IN CUPS V2.2.4

diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html
index 0fef0d479228c6d0d1283899df9d1ded6d49a3d7..b9791376f63945decbe487c9168df36db52d6031 100644 (file)
--- a/doc/help/man-client.conf.html
+++ b/doc/help/man-client.conf.html
@@ -40,13 +40,14 @@ CUPS adds the remote hostname ("name@server.example.com") for you. The default n
 <b>Note: This directive is not supported on macOS 10.7 or later.</b>
 <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
 <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
+<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
 The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
 The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
 The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyCBC</i> option disables all CBC cipher suites.
 The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><b>TrustOnFirstUse Yes</b>
 <dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>

diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 85e601edfdf0428d26d1fa62791c795e95e2e0a2..a2b95f983176e393535217a5393aa13b9cd14a8e 100644 (file)
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -310,12 +310,15 @@ The default is "Minimal".
 <dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
 <dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
 <dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
-<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options.
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
 The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
 The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyCBC</i> option disables all CBC cipher suites.
+The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><a name="SSLPort"></a><b>SSLPort </b><i>port</i>
 <dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
 <dt><a name="StrictConformance"></a><b>StrictConformance Yes</b>

diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html
index ef95bfee49a1b40843c86b3542b49a2a217fb091..ec40d1ad1b014ef2fe0475a6de3ee93056327530 100644 (file)
--- a/doc/help/man-ipptool.html
+++ b/doc/help/man-ipptool.html
@@ -51,6 +51,8 @@ ipptool - perform internet printing protocol requests
 <b>-f</b>
 <i>filename</i>
 ] [
+<b>-h</b>
+] [
 <b>-i</b>
 <i>seconds</i>
 ] [
@@ -134,6 +136,8 @@ This option is incompatible with the <b>-i</b> (interval) and <b>-n</b> (repeat-
 <dd style="margin-left: 5.0em">Defines the named variable.
 <dt><b>-f</b><i> filename</i>
 <dd style="margin-left: 5.0em">Defines the default request filename for tests.
+<dt><b>-h</b>
+<dd style="margin-left: 5.0em">Validate HTTP response headers.
 <dt><b>-i</b><i> seconds</i>
 <dd style="margin-left: 5.0em">Specifies that the (last)
 <i>testfile</i>

diff --git a/doc/help/man-ipptoolfile.html b/doc/help/man-ipptoolfile.html
index 2921bea2d384f247cc96e1fb8004ba11bf1f2a52..c426af7d836baedcfa93b4c6d79d248cb9fdf5a8 100644 (file)
--- a/doc/help/man-ipptoolfile.html
+++ b/doc/help/man-ipptoolfile.html
@@ -139,9 +139,11 @@ command-line. Support for content length requests is required for conformance wi
 <h3><a name="TEST_DIRECTIVES">Test Directives</a></h3>
 The following directives are understood within a <i>test</i>:
 <dl class="man">
-<dt><b>ATTR </b><i>tag attribute-name value(s)</i>
+<dt><b>ATTR </b><i>out-of-band-tag attribute-name</i>
+<dd style="margin-left: 5.0em"><dt><b>ATTR </b><i>tag attribute-name value(s)</i>
 <dd style="margin-left: 5.0em">Adds an attribute to the test request.
-Values are separated by the comma (",") character - escape commas using the "" character.
+Out-of-band tags (admin-define, delete-attribute, no-value, not-settable, unknown, unsupported) have no value.
+Values for other tags are separated by the comma (",") character - escape commas using the "" character.
 Common attributes and values are listed in the IANA IPP registry - see references below.
 <dt><b>ATTR collection </b><i>attribute-name </i><b>{ MEMBER </b><i>tag member-name value(s) ... </i><b>}</b> [ <i>... </i><b>,{ </b><i>... </i><b>} </b>]
 <dd style="margin-left: 5.0em">Adds a collection attribute to the test request.
@@ -303,7 +305,7 @@ Specifies the maximum number of times to repeat. The default value is 1000.
 <dd style="margin-left: 5.0em">Specifies that the current test should be repeated when the response status-code matches or does not match the value specified by the STATUS directive.
 </dl>
 <h3><a name="OPERATION_CODES">Operation Codes</a></h3>
-Operation codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 2911 and other IPP extension specifications. Here is a complete list of names supported by
+Operation codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 8011 and other IPP extension specifications. Here is a complete list of names supported by
 <a href="man-ipptool.html?TOPIC=Man+Pages"><b>ipptool</b>(8):</a>
 <pre class="man">
 
@@ -376,7 +378,7 @@ Operation codes correspond to the hexadecimal numbers (0xHHHH) and names from RF
     Validate-Job
 </pre>
 <h3><a name="STATUS_CODES">Status Codes</a></h3>
-Status codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 2911 and other IPP extension specifications. Here is a complete list of the names supported by
+Status codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 8011 and other IPP extension specifications. Here is a complete list of the names supported by
 <a href="man-ipptool.html?TOPIC=Man+Pages"><b>ipptool</b>(8):</a>
 <pre class="man">
 
@@ -439,7 +441,7 @@ Status codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 2
     successful-ok-too-many-events
 </pre>
 <h3><a name="TAGS">Tags</a></h3>
-Value and group tags correspond to the names from RFC 2911 and other IPP extension specifications. Here are the group tags:
+Value and group tags correspond to the names from RFC 8011 and other IPP extension specifications. Here are the group tags:
 <pre class="man">
 
     document-attributes-tag

diff --git a/man/ipptool.man b/man/ipptool.man
index ecc957525405f5ec8a903c0538d893d3e2023f34..9373b6602da521fdae4c82b37ab1ac05558c3605 100644 (file)
--- a/man/ipptool.man
+++ b/man/ipptool.man
@@ -9,7 +9,7 @@
 .\" which should have been included with this file.  If this file is
 .\" file is missing or damaged, see the license at "http://www.cups.org/".
 .\"
-.TH ipptool 1 "CUPS" "13 June 2017" "Apple Inc."
+.TH ipptool 1 "CUPS" "4 August 2017" "Apple Inc."
 .SH NAME
 ipptool \- perform internet printing protocol requests
 .SH SYNOPSIS
@@ -54,6 +54,8 @@ ipptool \- perform internet printing protocol requests
 .B \-f
 .I filename
 ] [
+.B \-h
+] [
 .B \-i
 .I seconds
 ] [
@@ -154,6 +156,9 @@ Defines the named variable.
 .BI \-f \ filename
 Defines the default request filename for tests.
 .TP 5
+.B \-h
+Validate HTTP response headers.
+.TP 5
 .BI \-i \ seconds
 Specifies that the (last)
 .I testfile

diff --git a/test/ipptool.c b/test/ipptool.c
index 55b9b9796c0ca6acdb5fbfed334040c14bcc8972..005800b6f54b9da8de6fc3a76a634ba1c5d1aafb 100644 (file)
--- a/test/ipptool.c
+++ b/test/ipptool.c
@@ -135,7 +135,8 @@ static int  Cancel = 0,             /* Cancel test? */
                IgnoreErrors = 0,       /* Ignore errors? */
                StopAfterIncludeError = 0,
                                        /* Stop after include errors? */
-               Verbosity = 0,          /* Show all attributes? */
+               ValidateHeaders = 0,    /* Validate HTTP headers in response? */
+                Verbosity = 0,          /* Show all attributes? */
                Version = 11,           /* Default IPP version */
                XMLHeader = 0,          /* 1 if header is written */
                TestCount = 0,          /* Number of tests run */
@@ -510,6 +511,10 @@ main(int  argc,                            /* I - Number of command-line args */
               }
              break;
 
+          case 'h' : /* Validate response headers */
+              ValidateHeaders = 1;
+              break;
+
           case 'i' : /* Test every N seconds */
              i ++;
 
@@ -2810,6 +2815,17 @@ do_tests(cups_file_t  *outfile,          /* I - Output file */
        add_stringf(errors, "Bad HTTP version (%d.%d)", http->version / 100,
                    http->version % 100);
 
+      if (ValidateHeaders)
+      {
+        const char *header;               /* HTTP header value */
+
+        if ((header = httpGetField(http, HTTP_FIELD_CONTENT_TYPE)) == NULL || _cups_strcasecmp(header, "application/ipp"))
+          add_stringf(errors, "Bad HTTP Content-Type in response (%s)", header && *header ? header : "<missing>");
+
+        if ((header = httpGetField(http, HTTP_FIELD_DATE)) != NULL && *header && httpGetDateTime(header) == 0)
+          add_stringf(errors, "Bad HTTP Date in response (%s)", header);
+      }
+
       if (!response)
       {
        /*
@@ -5070,6 +5086,7 @@ usage(void)
   _cupsLangPuts(stderr, _("  -c                      Produce CSV output."));
   _cupsLangPuts(stderr, _("  -d name=value           Set named variable to value."));
   _cupsLangPuts(stderr, _("  -f filename             Set default request filename."));
+  _cupsLangPuts(stderr, _("  -h                      Validate HTTP response headers."));
   _cupsLangPuts(stderr, _("  -i seconds              Repeat the last file with the given time interval."));
   _cupsLangPuts(stderr, _("  -l                      Produce plain text output."));
   _cupsLangPuts(stderr, _("  -n count                Repeat the last file the given number of times."));