From: Tobias Brunner Date: Wed, 26 Aug 2020 13:00:30 +0000 (+0200) Subject: tls-test: Add options to configure TLS versions X-Git-Tag: 5.9.2rc1~23^2~73 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e35b1f1a57cf5ac73a517828910da3e5d73f515;p=thirdparty%2Fstrongswan.git tls-test: Add options to configure TLS versions --- diff --git a/scripts/tls_test.c b/scripts/tls_test.c index 5e9e95462b..4e3a1ccfa4 100644 --- a/scripts/tls_test.c +++ b/scripts/tls_test.c @@ -85,7 +85,8 @@ static identification_t *find_client_id() * Client routine */ static int run_client(host_t *host, identification_t *server, - identification_t *client, int times, tls_cache_t *cache) + identification_t *client, int times, tls_cache_t *cache, + tls_version_t min_version, tls_version_t max_version) { tls_socket_t *tls; int fd, res; @@ -106,8 +107,8 @@ static int run_client(host_t *host, identification_t *server, close(fd); return 1; } - tls = tls_socket_create(FALSE, server, client, fd, cache, TLS_1_0, - TLS_1_3, TRUE); + tls = tls_socket_create(FALSE, server, client, fd, cache, min_version, + max_version, TRUE); if (!tls) { close(fd); @@ -128,7 +129,8 @@ static int run_client(host_t *host, identification_t *server, * Server routine */ static int serve(host_t *host, identification_t *server, - int times, tls_cache_t *cache) + int times, tls_cache_t *cache, tls_version_t min_version, + tls_version_t max_version) { tls_socket_t *tls; int fd, cfd; @@ -164,8 +166,8 @@ static int serve(host_t *host, identification_t *server, } DBG1(DBG_TLS, "%#H connected", host); - tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TLS_1_0, - TLS_1_2, TRUE); + tls = tls_socket_create(TRUE, server, NULL, cfd, cache, min_version, + max_version, TRUE); if (!tls) { close(fd); @@ -266,12 +268,22 @@ static void init() atexit(cleanup); } +/** + * Used to parse TLS versions + */ +ENUM(numeric_version_names, TLS_1_0, TLS_1_3, + "1.0", + "1.1", + "1.2", + "1.3"); + int main(int argc, char *argv[]) { char *address = NULL; bool listen = FALSE; int port = 0, times = -1, res, family = AF_UNSPEC; identification_t *server, *client; + tls_version_t min_version = TLS_1_0, max_version = TLS_1_3; tls_cache_t *cache; host_t *host; @@ -289,6 +301,9 @@ int main(int argc, char *argv[]) {"times", required_argument, NULL, 't' }, {"ipv4", no_argument, NULL, '4' }, {"ipv6", no_argument, NULL, '6' }, + {"min-version", required_argument, NULL, 'm' }, + {"max-version", required_argument, NULL, 'M' }, + {"version", required_argument, NULL, 'v' }, {"debug", required_argument, NULL, 'd' }, {0,0,0,0 } }; @@ -337,6 +352,28 @@ int main(int argc, char *argv[]) case '6': family = AF_INET6; continue; + case 'm': + if (!enum_from_name(numeric_version_names, optarg, &min_version)) + { + fprintf(stderr, "unknown minimum TLS version: %s\n", optarg); + return 1; + } + continue; + case 'M': + if (!enum_from_name(numeric_version_names, optarg, &max_version)) + { + fprintf(stderr, "unknown maximum TLS version: %s\n", optarg); + return 1; + } + continue; + case 'v': + if (!enum_from_name(numeric_version_names, optarg, &min_version)) + { + fprintf(stderr, "unknown TLS version: %s\n", optarg); + return 1; + } + max_version = min_version; + continue; default: usage(stderr, argv[0]); return 1; @@ -358,12 +395,13 @@ int main(int argc, char *argv[]) cache = tls_cache_create(100, 30); if (listen) { - res = serve(host, server, times, cache); + res = serve(host, server, times, cache, min_version, max_version); } else { client = find_client_id(); - res = run_client(host, server, client, times, cache); + res = run_client(host, server, client, times, cache, min_version, + max_version); DESTROY_IF(client); } cache->destroy(cache);