1/*
2 * "$Id$"
3 *
4 * TLS check program for CUPS.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18/*
19 * Include necessary headers...
20 */
21
22#include "cups-private.h"
23
24
25#ifndef HAVE_SSL
/* Stub entry point for builds without TLS support: report that and fail. */
int
main(void)
{
  puts("Sorry, no TLS support compiled in.");

  return (1);
}
27#else
28
29/*
30 * Local functions...
31 */
32
33static void usage(void);
34
35
36/*
37 * 'main()' - Main entry.
38 */
39
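int                                     /* O - Exit status */
main(int  argc,                         /* I - Number of command-line arguments */
     char *argv[])                      /* I - Command-line arguments */
{
  int           i;                      /* Looping var */
  http_t        *http;                  /* HTTP connection */
  const char    *server = NULL;         /* Hostname from command-line */
  int           port = 0;               /* Port number */
  const char    *cipherName = "UNKNOWN";/* Cipher suite name */
  int           dhBits = 0;             /* Diffie-Hellman bits */
  int           tlsVersion = 0;         /* TLS version number */
  char          uri[1024],              /* Printer URI */
                scheme[32],             /* URI scheme */
                host[256],              /* Hostname */
                userpass[256],          /* Username/password */
                resource[256];          /* Resource path */
  int           tls_options = _HTTP_TLS_NONE,
                                        /* TLS options */
                verbose = 0;            /* Verbosity */
  ipp_t         *request,               /* IPP Get-Printer-Attributes request */
                *response;              /* IPP Get-Printer-Attributes response */
  ipp_attribute_t *attr;                /* Current attribute */
  const char    *name;                  /* Attribute name */
  char          value[1024];            /* Attribute (string) value */
  static const char * const pattrs[] =  /* Requested attributes */
  {
    "color-supported",
    "compression-supported",
    "document-format-supported",
    "pages-per-minute",
    "printer-location",
    "printer-make-and-model",
    "printer-state",
    "printer-state-reasons",
    "sides-supported",
    "uri-authentication-supported",
    "uri-security-supported"
  };


 /*
  * Parse the command-line: options, then the server (name or ipps: URI),
  * then an optional port...
  */

  for (i = 1; i < argc; i ++)
  {
    if (!strcmp(argv[i], "--dh"))
    {
      tls_options |= _HTTP_TLS_ALLOW_DH;
    }
    else if (!strcmp(argv[i], "--no-tls10"))
    {
      tls_options |= _HTTP_TLS_DENY_TLS10;
    }
    else if (!strcmp(argv[i], "--rc4"))
    {
      tls_options |= _HTTP_TLS_ALLOW_RC4;
    }
    else if (!strcmp(argv[i], "--verbose") || !strcmp(argv[i], "-v"))
    {
      verbose = 1;
    }
    else if (argv[i][0] == '-')
    {
      printf("tlscheck: Unknown option '%s'.\n", argv[i]);
      usage();
    }
    else if (!server)
    {
      if (!strncmp(argv[i], "ipps://", 7))
      {
       /*
        * Reject a URI that cannot be separated instead of connecting with
        * whatever ended up in the host/resource buffers...
        */

        if (httpSeparateURI(HTTP_URI_CODING_ALL, argv[i], scheme, sizeof(scheme), userpass, sizeof(userpass), host, sizeof(host), &port, resource, sizeof(resource)) < HTTP_URI_STATUS_OK)
        {
          printf("tlscheck: Bad URI '%s'.\n", argv[i]);
          usage();
        }

        server = host;
      }
      else
      {
        server = argv[i];
        strlcpy(resource, "/ipp/print", sizeof(resource));
      }
    }
    else if (!port && (argv[i][0] == '=' || isdigit(argv[i][0] & 255)))
    {
      if (argv[i][0] == '=')
        port = atoi(argv[i] + 1);
      else
        port = atoi(argv[i]);
    }
    else
    {
      printf("tlscheck: Unexpected argument '%s'.\n", argv[i]);
      usage();
    }
  }

  if (!server)
    usage();                            /* Does not return */

  if (!port)
    port = 631;

  _httpTLSSetOptions(tls_options);

  http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
  if (!http)
  {
    printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
    return (1);
  }

 /*
  * The negotiated protocol, cipher suite, and DH parameters are only
  * inspected in the __APPLE__ section below.  In other builds the "OK" line
  * reports TLS 0.0 and "UNKNOWN" and only shows that the connection was made.
  */

#ifdef __APPLE__
 /*
  * Cipher suites this program can name, and whether key exchange parameters
  * are expected for them ("dh")...
  */

#  define TLSCHECK_SUITE(id, dh) { id, #id, dh }
  static const struct
  {
    SSLCipherSuite suite;               /* Cipher suite value */
    const char     *name;               /* Cipher suite name */
    int            dh;                  /* Key exchange parameters needed? */
  } suites[] =
  {
    TLSCHECK_SUITE(TLS_NULL_WITH_NULL_NULL, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_MD5, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_RC4_128_MD5, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_RC4_128_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256, 0),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_RC4_128_MD5, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_PSK_WITH_RC4_128_SHA, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_3DES_EDE_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_RC4_128_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA, 0),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384, 0),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_GCM_SHA256, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_GCM_SHA384, 0),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA256, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA384, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA256, 0),
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA384, 0),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA256, 1),
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA384, 1),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA256, 0),
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA384, 0),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA, 0),
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_NULL_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 1),
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 1)
  };
#  undef TLSCHECK_SUITE

  SSLProtocol    protocol;              /* Negotiated protocol version */
  SSLCipherSuite cipher;                /* Negotiated cipher suite */
  char           unknownCipherName[256];/* Name for an unlisted cipher suite */
  int            paramsNeeded = 0;      /* Key exchange parameters needed? */
  const void     *params = NULL;        /* Diffie-Hellman parameters */
  size_t         paramsLen = 0;         /* Length of parameters in bytes */
  size_t         j;                     /* Index into suites[] */
  OSStatus       err;                   /* Secure Transport status */

  if ((err = SSLGetNegotiatedProtocolVersion(http->tls, &protocol)) != noErr)
  {
    printf("%s: ERROR (No protocol version - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * tlsVersion is major * 10 + minor; SSL 3.0 is reported as 30...
  */

  switch (protocol)
  {
    default :
        tlsVersion = 0;
        break;
    case kSSLProtocol3 :
        tlsVersion = 30;
        break;
    case kTLSProtocol1 :
        tlsVersion = 10;
        break;
    case kTLSProtocol11 :
        tlsVersion = 11;
        break;
    case kTLSProtocol12 :
        tlsVersion = 12;
        break;
  }

  if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
  {
    printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

  for (j = 0; j < (sizeof(suites) / sizeof(suites[0])); j ++)
  {
    if (suites[j].suite == cipher)
    {
      cipherName   = suites[j].name;
      paramsNeeded = suites[j].dh;
      break;
    }
  }

  if (j >= (sizeof(suites) / sizeof(suites[0])))
  {
   /*
    * Not a suite we can name, report the numeric value...
    */

    snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", (unsigned)cipher);
    cipherName = unknownCipherName;
  }

 /*
  * Reject every RC4 suite in the table, not only the two RSA ones: the
  * PSK, DH, and ECDH RC4 suites would otherwise be reported as "OK" despite
  * the rule stated in the message below.
  *
  * NOTE(review): NULL-encryption and anonymous (DH_anon/ECDH_anon) suites
  * are named above but not rejected here - confirm whether they should be.
  */

  if (strstr(cipherName, "_RC4_"))
  {
    printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);
    httpClose(http);
    return (1);
  }

  if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr)
  {
    if (paramsNeeded)
    {
      printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);
      httpClose(http);
      return (1);
    }

   /*
    * Parameters were not needed; do not trust whatever length a failed call
    * may have left behind...
    */

    paramsLen = 0;
  }

 /*
  * NOTE(review): 128 bytes is 1024 bits, but the message below states a
  * 2048-bit minimum (256 bytes) - confirm which limit is intended.  The
  * length is that of the buffer returned by SSLGetDiffieHellmanParams, which
  * may not equal the modulus size - TODO confirm.
  */

  if (paramsLen < 128 && paramsLen != 0)
  {
    printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);
    httpClose(http);
    return (1);
  }

  dhBits = (int)paramsLen * 8;
#endif /* __APPLE__ */

  if (dhBits > 0)
    printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName, dhBits);
  else
    printf("%s: OK (TLS: %d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);

  if (verbose)
  {
   /*
    * Build the printer URI from "server": "host" is only filled in when an
    * ipps: URI was given, so using it for a plain hostname argument would
    * read an uninitialized buffer.
    */

    httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, server, port, resource);
    request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
    ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
    ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser());
    ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);

    response = cupsDoRequest(http, request, resource);

   /*
    * Show the printer attributes that have a name...
    */

    for (attr = ippFirstAttribute(response); attr; attr = ippNextAttribute(response))
    {
      if (ippGetGroupTag(attr) != IPP_TAG_PRINTER)
        continue;

      if ((name = ippGetName(attr)) == NULL)
        continue;

      ippAttributeString(attr, value, sizeof(value));
      printf("    %s=%s\n", name, value);
    }

    ippDelete(response);
  }

  httpClose(http);

  return (0);
}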
711
712
713/*
714 * 'usage()' - Show program usage.
715 */
716
static void
usage(void)
{
  size_t                    n;          /* Looping var */
  static const char * const text[] =    /* Usage text, one output line each */
  {
    "Usage: ./tlscheck [options] server [port]",
    " ./tlscheck [options] ipps://server[:port]/path",
    "",
    "Options:",
    " --dh Allow DH/DHE key exchange",
    " --no-tls10 Disable TLS/1.0",
    " --rc4 Allow RC4 encryption",
    " --verbose Be verbose",
    " -v Be verbose",
    "",
    "The default port is 631."
  };


 /*
  * Print the help text to stdout, then exit with status 1; this function
  * does not return to its caller.
  */

  for (n = 0; n < (sizeof(text) / sizeof(text[0])); n ++)
    puts(text[n]);

  exit(1);
}
58796d49 734#endif /* !HAVE_SSL */
735
736
737/*
738 * End of "$Id$".
739 */