Update HTML versions of man pages.
- CUPS now sends the `Date` HTTP header in IPP requests (rdar://33302034)
- The `ippCopyAttribute` function did not copy out-of-band values correctly
(rdar://33688003)
+- The `ipptool` program now offers an option to validate response headers.
CHANGES IN CUPS V2.2.4
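Review bot: The added `ipptool` entry names neither the option letter nor a tracking reference, while the two entries above it each carry an rdar number. Suggest naming the option (`-h`) and the headers it checks, so the entry can be found when someone searches the changelog for the flag.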
<b>Note: This directive is not supported on macOS 10.7 or later.</b>
<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
+<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyCBC</i> option disables all CBC cipher suites.
The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
<dt><b>TrustOnFirstUse Yes</b>
<dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>
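Review bot: The added `DenyCBC` sentence says only that all CBC cipher suites are disabled and, unlike the `AllowRC4` and `AllowSSL3` sentences, gives no compatibility guidance. Suggest stating that a peer offering only CBC suites will no longer be able to negotiate a connection once it is set, and making clear next to "known secure cipher suites" that CBC suites stay enabled unless `DenyCBC` is given.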
<dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
<dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
-<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
<dd style="margin-left: 5.0em">Sets encryption options.
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyCBC</i> option disables all CBC cipher suites.
+The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
<dt><a name="SSLPort"></a><b>SSLPort </b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
<dt><a name="StrictConformance"></a><b>StrictConformance Yes</b>
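Review bot: The updated cupsd.conf synopsis now permits `AllowSSL3` and `DenyTLS1.0` on the same line, but the description does not say what that combination yields: one lowers the protocol floor to SSL v3.0 and the other raises it to TLS v1.1. Suggest documenting which option takes precedence or that the combination is rejected. `SSLOptions None` is also listed as a form of the directive without a sentence describing its effect.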
<b>-f</b>
<i>filename</i>
] [
+<b>-h</b>
+] [
<b>-i</b>
<i>seconds</i>
] [
<dd style="margin-left: 5.0em">Defines the named variable.
<dt><b>-f</b><i> filename</i>
<dd style="margin-left: 5.0em">Defines the default request filename for tests.
+<dt><b>-h</b>
+<dd style="margin-left: 5.0em">Validate HTTP response headers.
<dt><b>-i</b><i> seconds</i>
<dd style="margin-left: 5.0em">Specifies that the (last)
<i>testfile</i>
<h3><a name="TEST_DIRECTIVES">Test Directives</a></h3>
The following directives are understood within a <i>test</i>:
<dl class="man">
-<dt><b>ATTR </b><i>tag attribute-name value(s)</i>
+<dt><b>ATTR </b><i>out-of-band-tag attribute-name</i>
+<dd style="margin-left: 5.0em"><dt><b>ATTR </b><i>tag attribute-name value(s)</i>
<dd style="margin-left: 5.0em">Adds an attribute to the test request.
-Values are separated by the comma (",") character - escape commas using the "" character.
+Out-of-band tags (admin-define, delete-attribute, no-value, not-settable, unknown, unsupported) have no value.
+Values for other tags are separated by the comma (",") character - escape commas using the "" character.
Common attributes and values are listed in the IANA IPP registry - see references below.
<dt><b>ATTR collection </b><i>attribute-name </i><b>{ MEMBER </b><i>tag member-name value(s) ... </i><b>}</b> [ <i>... </i><b>,{ </b><i>... </i><b>} </b>]
<dd style="margin-left: 5.0em">Adds a collection attribute to the test request.
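Review bot: In the added sentence beginning "Values for other tags are separated by the comma", the escape character is still empty (`using the "" character`), the same defect as in the removed line, so the regenerated HTML does not tell the reader how to escape a comma. This looks like a character dropped during man-to-HTML conversion; suggest fixing the converter or the source so the character survives. The new out-of-band `ATTR` term is also followed by an empty `dd` that wraps the next `dt`, which leaves the first form without its own description.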
<dd style="margin-left: 5.0em">Specifies that the current test should be repeated when the response status-code matches or does not match the value specified by the STATUS directive.
</dl>
<h3><a name="OPERATION_CODES">Operation Codes</a></h3>
-Operation codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 2911 and other IPP extension specifications. Here is a complete list of names supported by
+Operation codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 8011 and other IPP extension specifications. Here is a complete list of names supported by
<a href="man-ipptool.html?TOPIC=Man+Pages"><b>ipptool</b>(8):</a>
<pre class="man">
Validate-Job
</pre>
<h3><a name="STATUS_CODES">Status Codes</a></h3>
-Status codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 2911 and other IPP extension specifications. Here is a complete list of the names supported by
+Status codes correspond to the hexadecimal numbers (0xHHHH) and names from RFC 8011 and other IPP extension specifications. Here is a complete list of the names supported by
<a href="man-ipptool.html?TOPIC=Man+Pages"><b>ipptool</b>(8):</a>
<pre class="man">
successful-ok-too-many-events
</pre>
<h3><a name="TAGS">Tags</a></h3>
-Value and group tags correspond to the names from RFC 2911 and other IPP extension specifications. Here are the group tags:
+Value and group tags correspond to the names from RFC 8011 and other IPP extension specifications. Here are the group tags:
<pre class="man">
document-attributes-tag
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH ipptool 1 "CUPS" "13 June 2017" "Apple Inc."
+.TH ipptool 1 "CUPS" "4 August 2017" "Apple Inc."
.SH NAME
ipptool \- perform internet printing protocol requests
.SH SYNOPSIS
.B \-f
.I filename
] [
+.B \-h
+] [
.B \-i
.I seconds
] [
.BI \-f \ filename
Defines the default request filename for tests.
.TP 5
+.B \-h
+Validate HTTP response headers.
+.TP 5
.BI \-i \ seconds
Specifies that the (last)
.I testfile
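Review bot: The added `-h` description, "Validate HTTP response headers.", does not say which headers are validated or what counts as a failure. The code in this same change checks only Content-Type (must be `application/ipp`) and Date (must parse when present); suggest stating that here so a passing run is not read as a full HTTP header conformance check.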
IgnoreErrors = 0, /* Ignore errors? */
StopAfterIncludeError = 0,
/* Stop after include errors? */
- Verbosity = 0, /* Show all attributes? */
+ ValidateHeaders = 0, /* Validate HTTP headers in response? */
+ Verbosity = 0, /* Show all attributes? */
Version = 11, /* Default IPP version */
XMLHeader = 0, /* 1 if header is written */
TestCount = 0, /* Number of tests run */
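Review bot: The `Verbosity` line is removed and re-added with the same initializer and comment, so the only difference appears to be alignment. If the realignment is needed to match the new `ValidateHeaders` comment column, fine; otherwise suggest dropping it to keep the hunk to the one added variable.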
}
break;
+ case 'h' : /* Validate response headers */
+ ValidateHeaders = 1;
+ break;
+
case 'i' : /* Test every N seconds */
i ++;
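Review bot: The new `case 'h'` binds `-h` to header validation, a letter that many command-line tools reserve for help. Someone typing `ipptool -h` to see usage would instead enable validation silently with no feedback. Suggest confirming that a help path remains reachable and mentioning it in the usage text, or choosing a different letter for this option.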
add_stringf(errors, "Bad HTTP version (%d.%d)", http->version / 100,
http->version % 100);
+ if (ValidateHeaders)
+ {
+ const char *header; /* HTTP header value */
+
+ if ((header = httpGetField(http, HTTP_FIELD_CONTENT_TYPE)) == NULL || _cups_strcasecmp(header, "application/ipp"))
+ add_stringf(errors, "Bad HTTP Content-Type in response (%s)", header && *header ? header : "<missing>");
+
+ if ((header = httpGetField(http, HTTP_FIELD_DATE)) != NULL && *header && httpGetDateTime(header) == 0)
+ add_stringf(errors, "Bad HTTP Date in response (%s)", header);
+ }
+
if (!response)
{
/*
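Review bot: The Date check on the `httpGetField(http, HTTP_FIELD_DATE)` line only fires when the header is present and non-empty, so a response that omits Date entirely passes `-h` validation, while a missing Content-Type is reported as `<missing>`. Suggest deciding whether a missing Date is an error and either adding that branch or saying in the option's documentation that Date is validated only when sent. Separately, the Content-Type test is an exact case-insensitive comparison against "application/ipp", so a value that carries a parameter after the media type would be reported as bad; if that is intended, a short comment saying so would help the next reader.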
_cupsLangPuts(stderr, _(" -c Produce CSV output."));
_cupsLangPuts(stderr, _(" -d name=value Set named variable to value."));
_cupsLangPuts(stderr, _(" -f filename Set default request filename."));
+ _cupsLangPuts(stderr, _(" -h Validate HTTP response headers."));
_cupsLangPuts(stderr, _(" -i seconds Repeat the last file with the given time interval."));
_cupsLangPuts(stderr, _(" -l Produce plain text output."));
_cupsLangPuts(stderr, _(" -n count Repeat the last file the given number of times."));