APIs.
- Added new `cupsRasterInitHeader` API.
- Added `httpConnectURI` API.
+- Added `httpGetSecurity` API.
- Added `ippAddCredentialsString`, `ippGetFirstAttribute`,
`ippGetNextAttribute`, `ippRestore`, and `ippSave` APIs.
- Added new DNS-SD APIs.
//
// Hyper-Text Transport Protocol definitions for CUPS.
//
-// Copyright © 2020-2024 by OpenPrinting.
+// Copyright © 2020-2025 by OpenPrinting.
// Copyright © 2007-2018 by Apple Inc.
// Copyright © 1997-2007 by Easy Software Products, all rights reserved.
//
extern size_t httpGetPending(http_t *http) _CUPS_PUBLIC;
extern size_t httpGetReady(http_t *http) _CUPS_PUBLIC;
extern size_t httpGetRemaining(http_t *http) _CUPS_PUBLIC;
+extern const char *httpGetSecurity(http_t *http, char *buffer, size_t bufsize) _CUPS_PUBLIC;
extern http_state_t httpGetState(http_t *http) _CUPS_PUBLIC;
extern http_status_t httpGetStatus(http_t *http) _CUPS_PUBLIC;
extern char *httpGetSubField(http_t *http, http_field_t field, const char *name, char *value) _CUPS_DEPRECATED_MSG("Use httpGetSubField2 instead.");
httpGetPending
httpGetReady
httpGetRemaining
+httpGetSecurity
httpGetState
httpGetStatus
httpGetSubField
}
+//
+// 'httpGetSecurity()' - Get the TLS version and cipher suite used by a connection.
+//
+// This function gets the TLS version and cipher suite being used by a
+// connection, if any. The string is copied to "buffer" and is of the form
+// "TLS/major.minor CipherSuite". If not encrypted, the buffer is cleared to
+// the empty string.
+//
+// @since CUPS 2.5@
+//
+
+const char * // O - Security information or `NULL` if not encrypted
+httpGetSecurity(http_t *http, // I - HTTP connection
+ char *buffer, // I - String buffer
+ size_t bufsize) // I - Size of buffer
+{
+ const char *cipherName; // Cipher suite name
+
+
+ // Range check input...
+ if (buffer)
+ *buffer = '\0';
+
+ if (!http || !http->tls || !buffer || bufsize < 16)
+ return (NULL);
+
+ // Record the TLS version and cipher suite...
+ cipherName = gnutls_session_get_desc(http->tls);
+
+ switch (gnutls_protocol_get_version(http->tls))
+ {
+ default :
+ snprintf(buffer, bufsize, "TLS/?.? %s", cipherName);
+ break;
+
+ case GNUTLS_TLS1_0 :
+ snprintf(buffer, bufsize, "TLS/1.0 %s", cipherName);
+ break;
+
+ case GNUTLS_TLS1_1 :
+ snprintf(buffer, bufsize, "TLS/1.1 %s", cipherName);
+ break;
+
+ case GNUTLS_TLS1_2 :
+ snprintf(buffer, bufsize, "TLS/1.2 %s", cipherName);
+ break;
+
+ case GNUTLS_TLS1_3 :
+ snprintf(buffer, bufsize, "TLS/1.3 %s", cipherName);
+ break;
+ }
+
+ return (buffer);
+}
+
+
//
// '_httpTLSInitialize()' - Initialize the TLS stack.
//
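Review bot: `cipherName = gnutls_session_get_desc(http->tls);` stores a heap-allocated string in a `const char *` and never releases it, so each call to httpGetSecurity() in the GnuTLS build leaks the description; the printer application call sites added elsewhere in this commit run it once per upgraded connection. GnuTLS documents the result as allocated with gnutls_malloc() and as NULL when the initial negotiation has not completed, and that NULL would be passed straight to `%s`. Declare it as `char *cipherName`, return NULL after `if (!cipherName)`, and add `gnutls_free(cipherName);` before `return (buffer);`. The description string appears to carry the protocol version already, so the "TLS/x.y" prefix may be duplicated in the output; worth checking against a live session.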
}
+//
+// 'httpGetSecurity()' - Get the TLS version and cipher suite used by a connection.
+//
+// This function gets the TLS version and cipher suite being used by a
+// connection, if any. The string is copied to "buffer" and is of the form
+// "TLS/major.minor CipherSuite". If not encrypted, the buffer is cleared to
+// the empty string.
+//
+// @since CUPS 2.5@
+//
+
+const char * // O - Security information or `NULL` if not encrypted
+httpGetSecurity(http_t *http, // I - HTTP connection
+ char *buffer, // I - String buffer
+ size_t bufsize) // I - Size of buffer
+{
+ const char *cipherName; // Cipher suite name
+
+
+ // Range check input...
+ if (buffer)
+ *buffer = '\0';
+
+ if (!http || !http->tls || !buffer || bufsize < 16)
+ return (NULL);
+
+ // Record the TLS version and cipher suite...
+ cipherName = SSL_get_cipher_name(http->tls);
+
+ switch (SSL_version(http->tls))
+ {
+ default :
+ snprintf(buffer, bufsize, "TLS/?.? %s", cipherName);
+ break;
+
+ case TLS1_VERSION :
+ snprintf(buffer, bufsize, "TLS/1.0 %s", cipherName);
+ break;
+
+ case TLS1_1_VERSION :
+ snprintf(buffer, bufsize, "TLS/1.1 %s", cipherName);
+ break;
+
+ case TLS1_2_VERSION :
+ snprintf(buffer, bufsize, "TLS/1.2 %s", cipherName);
+ break;
+
+# ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION :
+ snprintf(buffer, bufsize, "TLS/1.3 %s", cipherName);
+ break;
+# endif // TLS1_3_VERSION
+ }
+
+ return (buffer);
+}
+
+
//
// '_httpTLSInitialize()' - Initialize the TLS stack.
//
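Review bot: The header comment on httpGetSecurity() does not say that NULL is also returned for a NULL `http`, a NULL `buffer`, or `bufsize < 16`, so a caller that reads NULL as "not encrypted" can misreport an encrypted connection when it only passed a short buffer. I would add to the comment block: `// Returns NULL if the connection is not encrypted or if "buffer" is NULL or smaller than 16 bytes.` The GnuTLS copy of the function earlier in this commit needs the same sentence. The `buffer` parameter is also labelled `// I - String buffer` although the function writes to it.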
//
// TLS check program for CUPS.
//
-// Copyright © 2020-2024 by OpenPrinting.
+// Copyright © 2020-2025 by OpenPrinting.
// Copyright © 2007-2017 by Apple Inc.
// Copyright © 1997-2006 by Easy Software Products.
//
http_t *http = NULL; // HTTP connection
const char *server = NULL; // Hostname from command-line
int port = 0; // Port number
- char *creds; // Server credentials
- char creds_str[2048]; // Credentials string
- const char *cipherName; // Cipher suite name
- int tlsVersion = 0; // TLS version number
- char uri[1024], // Printer URI
+ char *creds, // Server credentials
+ creds_str[2048], // Credentials string
+ security[256], // Security string
+ uri[1024], // Printer URI
scheme[32], // URI scheme
host[256], // Hostname
userpass[256], // Username/password
free(creds);
}
-#ifdef HAVE_OPENSSL
- switch (SSL_version(http->tls))
- {
- default :
- tlsVersion = 0;
- break;
-
- case TLS1_VERSION :
- tlsVersion = 10;
- break;
-
- case TLS1_1_VERSION :
- tlsVersion = 11;
- break;
-
- case TLS1_2_VERSION :
- tlsVersion = 12;
- break;
-
-# ifdef TLS1_3_VERSION
- case TLS1_3_VERSION :
- tlsVersion = 13;
- break;
-# endif // TLS1_3_VERSION
- }
-
- cipherName = SSL_get_cipher_name(http->tls);
-
-#else // HAVE_GNUTLS
- switch (gnutls_protocol_get_version(http->tls))
- {
- default :
- tlsVersion = 0;
- break;
- case GNUTLS_TLS1_0 :
- tlsVersion = 10;
- break;
- case GNUTLS_TLS1_1 :
- tlsVersion = 11;
- break;
- case GNUTLS_TLS1_2 :
- tlsVersion = 12;
- break;
- case GNUTLS_TLS1_3 :
- tlsVersion = 13;
- break;
- }
- cipherName = gnutls_session_get_desc(http->tls);
-#endif // HAVE_OPENSSL
-
- printf("%s: OK (TLS: %d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);
+ printf("%s: OK (%s)\n", server, httpGetSecurity(http, security, sizeof(security)));
printf(" %s\n", creds_str);
if (verbose)
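Review bot: The new printf() passes the return value of httpGetSecurity() directly to `%s`, and that function returns NULL when `http->tls` is unset or its argument check fails, which is undefined behaviour for printf. Because the function always clears a non-NULL buffer first, calling it on its own line and printing the buffer is safe in every case: `httpGetSecurity(http, security, sizeof(security));` followed by `printf("%s: OK (%s)\n", server, security);`. The two `fprintf(stderr, "%s Connection now encrypted (%s).\n", ...)` lines added in the printer application hunks follow the same pattern. Whether `http->tls` can actually be NULL at these points depends on code outside the hunks.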
//
// IPP Everywhere printer application for CUPS.
//
-// Copyright © 2020-2024 by OpenPrinting.
+// Copyright © 2020-2025 by OpenPrinting.
// Copyright © 2020 by the IEEE-ISTO Printer Working Group.
// Copyright © 2010-2021 by Apple Inc.
//
if (recv(httpGetFd(client->http), buf, 1, MSG_PEEK) == 1 && (!buf[0] || !strchr("DGHOPT", buf[0])))
{
+ char security[256]; // Security description
+
fprintf(stderr, "%s Starting HTTPS session.\n", client->hostname);
if (!httpSetEncryption(client->http, HTTP_ENCRYPTION_ALWAYS))
break;
}
- fprintf(stderr, "%s Connection now encrypted.\n", client->hostname);
+ fprintf(stderr, "%s Connection now encrypted (%s).\n", client->hostname, httpGetSecurity(client->http, security, sizeof(security)));
}
first_time = false;
{
if (strstr(httpGetField(client->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(client->http))
{
+ char security[256]; // Security description
+
if (!respond_http(client, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL, NULL, 0))
return (0);
return (0);
}
- fprintf(stderr, "%s Connection now encrypted.\n", client->hostname);
+ fprintf(stderr, "%s Connection now encrypted (%s).\n", client->hostname, httpGetSecurity(client->http, security, sizeof(security)));
}
else if (!respond_http(client, HTTP_STATUS_NOT_IMPLEMENTED, NULL, NULL, 0))
return (0);