-*- coding: utf-8 -*-
Changes with Apache 2.4.36
+ *) ab: Disable printing temp key for OpenSSL before
+ version 1.0.2. SSL_get_server_tmp_key is not available
+ there. [Rainer Jung]
+
*) mod_ssl: Fix a regression that the configuration settings for verify mode
and verify depth were taken from the frontend connection in case of
connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) ab: print Server Temp Key information.
- trunk patch: http://svn.apache.org/r1738415
- http://svn.apache.org/r1826930
- 2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-ab.patch
- +1: minfrin, jim, ylavic
-
*) ab: Add client certificate support.
trunk: http://svn.apache.org/r1841784
2.4.x: svn merge -c r1841784 ^/httpd/httpd/trunk .
SSL_CTX *ssl_ctx;
char *ssl_cipher = NULL;
char *ssl_info = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+char *ssl_tmp_key = NULL;
+#endif
BIO *bio_out,*bio_err;
#ifdef HAVE_TLSEXT
int tls_use_sni = 1; /* used by default, -I disables it */
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (ssl_tmp_key == NULL) {
+ EVP_PKEY *key;
+ if (SSL_get_server_tmp_key(c->ssl, &key)) {
+ ssl_tmp_key = xmalloc(128);
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
+ EVP_PKEY_bits(key));
+ break;
+ case EVP_PKEY_DH:
+ apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
+ EVP_PKEY_bits(key));
+ break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC: {
+ const char *cname = NULL;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+
+ apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
+ cname,
+ EVP_PKEY_bits(key));
+ break;
+ }
+#endif
+ default:
+ apr_snprintf(ssl_tmp_key, 128, "%s %d bits",
+ OBJ_nid2sn(EVP_PKEY_id(key)),
+ EVP_PKEY_bits(key));
+ break;
+ }
+ EVP_PKEY_free(key);
+ }
+ }
+#endif
write_request(c);
do_next = 0;
break;
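Review bot: The EC branch dereferences the result of `EVP_PKEY_get1_EC_KEY(key)` without checking it, so a NULL return would crash ab inside `EC_KEY_get0_group(ec)` on the first completed handshake; since `EC_KEY_free` accepts NULL, a one-line guard suffices: `int nid = ec ? EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) : NID_undef;` (the later `OBJ_nid2sn(nid)` fallback then yields a printable name instead of a crash). The literal `128` is repeated four times as both the allocation and the `apr_snprintf` bound; a single named constant, e.g. `enum { SSL_TMP_KEY_LEN = 128 };`, keeps the two from drifting apart. The `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` guard used here and in the two other hunks of this file is worth a second look if LibreSSL is a supported build target, since LibreSSL reports a version number above that threshold and whether it provides `SSL_get_server_tmp_key` should be confirmed before relying on the version check alone. The enclosing function starts before this hunk.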
if (is_ssl && ssl_info) {
printf("SSL/TLS Protocol: %s\n", ssl_info);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (is_ssl && ssl_tmp_key) {
+ printf("Server Temp Key: %s\n", ssl_tmp_key);
+ }
+#endif
#ifdef HAVE_TLSEXT
if (is_ssl && tls_sni) {
printf("TLS Server Name: %s\n", tls_sni);