From: Graham Leggett
Date: Wed, 10 Oct 2018 09:10:15 +0000 (+0000)
Subject: ab: print Server Temp Key information.
X-Git-Tag: 2.4.36~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e4ac13ff5756c2b69d7cfe2975fa8179450f9b5;p=thirdparty%2Fapache%2Fhttpd.git
ab: print Server Temp Key information.
trunk patch: http://svn.apache.org/r1738415
http://svn.apache.org/r1826930
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-ab.patch
+1: minfrin, jim, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1843411 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index fc5c1883cfe..416cb4a1917 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.4.36
+ *) ab: Disable printing temp key for OpenSSL before
+ version 1.0.2. SSL_get_server_tmp_key is not available
+ there. [Rainer Jung]
+
 *) mod_ssl: Fix a regression that the configuration settings for verify mode and verify depth were taken from the frontend connection in case of connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
diff --git a/STATUS b/STATUS
index 3d8ca3373b3..906632c8a05 100644
--- a/STATUS
+++ b/STATUS
@@ -124,12 +124,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 [ start all new proposals below, under PATCHES PROPOSED. ]
- *) ab: print Server Temp Key information.
- trunk patch: http://svn.apache.org/r1738415
- http://svn.apache.org/r1826930
- 2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-ab.patch
- +1: minfrin, jim, ylavic
-
 *) ab: Add client certificate support.
 trunk: http://svn.apache.org/r1841784
 2.4.x: svn merge -c r1841784 ^/httpd/httpd/trunk .
diff --git a/support/ab.c b/support/ab.c
index 8d7bc268bb2..224bd69f99a 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -353,6 +353,9 @@ int is_ssl;
 SSL_CTX *ssl_ctx;
 char *ssl_cipher = NULL;
 char *ssl_info = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+char *ssl_tmp_key = NULL;
+#endif
 BIO *bio_out,*bio_err;
 #ifdef HAVE_TLSEXT
 int tls_use_sni = 1; /* used by default, -I disables it */
@@ -732,6 +735,46 @@ static void ssl_proceed_handshake(struct connection *c)
 SSL_CIPHER_get_name(ci), pk_bits, sk_bits);
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (ssl_tmp_key == NULL) {
+ EVP_PKEY *key;
+ if (SSL_get_server_tmp_key(c->ssl, &key)) {
+ ssl_tmp_key = xmalloc(128);
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
+ EVP_PKEY_bits(key));
+ break;
+ case EVP_PKEY_DH:
+ apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
+ EVP_PKEY_bits(key));
+ break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC: {
+ const char *cname = NULL;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+
+ apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
+ cname,
+ EVP_PKEY_bits(key));
+ break;
+ }
+#endif
+ default:
+ apr_snprintf(ssl_tmp_key, 128, "%s %d bits",
+ OBJ_nid2sn(EVP_PKEY_id(key)),
+ EVP_PKEY_bits(key));
+ break;
+ }
+ EVP_PKEY_free(key);
+ }
+ }
+#endif
 write_request(c);
 do_next = 0;
 break;
@@ -895,6 +938,11 @@ static void output_results(int sig)
 if (is_ssl && ssl_info) {
 printf("SSL/TLS Protocol: %s\n", ssl_info);
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (is_ssl && ssl_tmp_key) {
+ printf("Server Temp Key: %s\n", ssl_tmp_key);
+ }
+#endif
 #ifdef HAVE_TLSEXT
 if (is_ssl && tls_sni) {
 printf("TLS Server Name: %s\n", tls_sni);
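Review bot: In the EVP_PKEY_EC branch of the new ssl_tmp_key block in ssl_proceed_handshake, the result of `EVP_PKEY_get1_EC_KEY(key)` is passed straight to `EC_KEY_get0_group(ec)` without a NULL check; it should only fail on a key-type mismatch, but the guard is cheap and avoids a crash on an unexpected key object: `EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);` / `int nid = ec ? EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) : NID_undef;` / `EC_KEY_free(ec);`. The ephemeral key is captured only on the first handshake where SSL_get_server_tmp_key succeeds (the `if (ssl_tmp_key == NULL)` guard) and never refreshed, so the printed "Server Temp Key" describes one connection rather than all of them; a comment such as `/* Sampled once, from the first completed handshake; later connections are not re-checked. */` would make that clear to readers of the report. When the negotiated cipher suite has no ephemeral key (static RSA key exchange) SSL_get_server_tmp_key presumably returns 0 and the line is silently omitted, which is indistinguishable in the output from a build against OpenSSL older than 1.0.2 — worth noting in the ab documentation so the absence of the line is not misread as a forward-secrecy check. For curves sent as explicit parameters rather than a named curve, EC_GROUP_get_curve_name would presumably yield NID_undef and the fallback OBJ_nid2sn would print "UNDEF" as the curve name, which is acceptable but may surprise users. ssl_proceed_handshake starts before this hunk.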