Stop parsing the Emulators keywords in PPD files (Issue #5475)

[thirdparty/cups.git] / cups / tlscheck.c

diff --git a/cups/tlscheck.c b/cups/tlscheck.c
index fa8fdd540f146733b80257a63c0e20d51887ae2c..c88e7d09150d89bacf557db0ed00fe4e45d07e9d 100644 (file)
--- a/cups/tlscheck.c
+++ b/cups/tlscheck.c
@@ -4,13 +4,7 @@
  * Copyright 2007-2017 by Apple Inc.
  * Copyright 1997-2006 by Easy Software Products.
  *
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file.  If this file is
- * missing or damaged, see the license at "http://www.cups.org/".
- *
- * This file is subject to the Apple OS-Developed Software exception.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
  */
 
 /*
@@ -43,6 +37,8 @@ main(int  argc,                               /* I - Number of command-line arguments */
   http_t       *http;                  /* HTTP connection */
   const char   *server = NULL;         /* Hostname from command-line */
   int          port = 0;               /* Port number */
+  cups_array_t *creds;                 /* Server credentials */
+  char         creds_str[2048];        /* Credentials string */
   const char   *cipherName = "UNKNOWN";/* Cipher suite name */
   int          dhBits = 0;             /* Diffie-Hellman bits */
   int          tlsVersion = 0;         /* TLS version number */
@@ -97,6 +93,21 @@ main(int  argc,                              /* I - Number of command-line arguments */
       tls_min_version = _HTTP_TLS_1_0;
       tls_max_version = _HTTP_TLS_1_0;
     }
+    else if (!strcmp(argv[i], "--tls11"))
+    {
+      tls_min_version = _HTTP_TLS_1_1;
+      tls_max_version = _HTTP_TLS_1_1;
+    }
+    else if (!strcmp(argv[i], "--tls12"))
+    {
+      tls_min_version = _HTTP_TLS_1_2;
+      tls_max_version = _HTTP_TLS_1_2;
+    }
+    else if (!strcmp(argv[i], "--tls13"))
+    {
+      tls_min_version = _HTTP_TLS_1_3;
+      tls_max_version = _HTTP_TLS_1_3;
+    }
     else if (!strcmp(argv[i], "--rc4"))
     {
       tls_options |= _HTTP_TLS_ALLOW_RC4;
@@ -160,6 +171,16 @@ main(int  argc,                            /* I - Number of command-line arguments */
     return (1);
   }
 
+  if (httpCopyCredentials(http, &creds))
+  {
+    strlcpy(creds_str, "Unable to get server X.509 credentials.", sizeof(creds_str));
+  }
+  else
+  {
+    httpCredentialsString(creds, creds_str, sizeof(creds_str));
+    httpFreeCredentials(creds);
+  }
+
 #ifdef __APPLE__
   SSLProtocol protocol;
   SSLCipherSuite cipher;
@@ -697,6 +718,8 @@ main(int  argc,                             /* I - Number of command-line arguments */
   else
     printf("%s: OK (TLS: %d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);
 
+  printf("    %s\n", creds_str);
+
   if (verbose)
   {
     httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, host, port, resource);
@@ -720,6 +743,7 @@ main(int  argc,                             /* I - Number of command-line arguments */
     }
 
     ippDelete(response);
+    puts("");
   }
 
   httpClose(http);
@@ -744,6 +768,9 @@ usage(void)
   puts("  --no-tls10  Disable TLS/1.0");
   puts("  --rc4       Allow RC4 encryption");
   puts("  --tls10     Only use TLS/1.0");
+  puts("  --tls11     Only use TLS/1.1");
+  puts("  --tls12     Only use TLS/1.2");
+  puts("  --tls13     Only use TLS/1.3");
   puts("  --verbose   Be verbose");
   puts("  -4          Connect using IPv4 addresses only");
   puts("  -6          Connect using IPv6 addresses only");