Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 49918D9D0 for ; Sun, 7 Oct 2012 06:27:46 +0000 (UTC) Received: (qmail 37840 invoked by uid 500); 7 Oct 2012 06:27:45 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 37547 invoked by uid 500); 7 Oct 2012 06:27:41 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 37531 invoked by uid 99); 7 Oct 2012 06:27:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Oct 2012 06:27:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Oct 2012 06:27:38 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id ECD3A23889B8; Sun, 7 Oct 2012 06:26:53 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: svn commit: r1395225 - in /httpd/httpd/trunk: CHANGES support/ab.c Date: Sun, 07 Oct 2012 06:26:53 -0000 To: cvs@httpd.apache.org From: kbrand@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121007062653.ECD3A23889B8@eris.apache.org> Author: kbrand Date: Sun Oct 7 06:26:53 2012 New Revision: 1395225 URL: http://svn.apache.org/viewvc?rev=1395225&view=rev Log: Allow forced setting of TLS1.1 and TLS1.2 protocols with the -f command-line switch, and adapt the output to more accurately report what SSL/TLS protocol was negotiated (use SSL_get_version() instead of SSL_CIPHER_get_version()). PR: 53916 Submitted by: Nicolás Pernas Maradei Reviewed/amended by: Kaspar Brand Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/support/ab.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1395225&r1=1395224&r2=1395225&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Sun Oct 7 06:26:53 2012 @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output + to more accurately report the negotiated protocol. PR 53916. + [Nicolás Pernas Maradei , Kaspar Brand] + *) mod_systemd: New module, for integration with systemd on Linux. [Jan Kaluza ] Modified: httpd/httpd/trunk/support/ab.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1395225&r1=1395224&r2=1395225&view=diff ============================================================================== --- httpd/httpd/trunk/support/ab.c (original) +++ httpd/httpd/trunk/support/ab.c Sun Oct 7 06:26:53 2012 @@ -183,6 +183,9 @@ typedef STACK_OF(X509) X509_STACK_TYPE; #else #define AB_SSL_CIPHER_CONST #endif +#ifdef SSL_OP_NO_TLSv1_2 +#define HAVE_TLSV1_X +#endif #endif #include @@ -525,6 +528,8 @@ static int ssl_print_connection_info(BIO AB_SSL_CIPHER_CONST SSL_CIPHER *c; int alg_bits,bits; + BIO_printf(bio,"Transport Protocol :%s\n", SSL_get_version(ssl)); + c = SSL_get_current_cipher(ssl); BIO_printf(bio,"Cipher Suite Protocol :%s\n", SSL_CIPHER_get_version(c)); BIO_printf(bio,"Cipher Suite Name :%s\n",SSL_CIPHER_get_name(c)); @@ -623,7 +628,7 @@ static void ssl_proceed_handshake(struct ssl_info = malloc(128); apr_snprintf(ssl_info, 128, "%s,%s,%d,%d", - SSL_CIPHER_get_version(ci), + SSL_get_version(c->ssl), SSL_CIPHER_get_name(ci), pk_bits, sk_bits); } @@ -1899,12 +1904,22 @@ static void usage(const char *progname) fprintf(stderr, " -r Don't exit on socket receive errors.\n"); fprintf(stderr, " -h Display usage information (this message)\n"); #ifdef USE_SSL - fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n"); + #ifndef OPENSSL_NO_SSL2 - fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n"); +#define SSL2_HELP_MSG "SSL2, " +#else +#define SSL2_HELP_MSG "" +#endif + +#ifdef HAVE_TLSV1_X +#define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2" #else - fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n"); +#define TLS1_X_HELP_MSG "" #endif + + fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n"); + fprintf(stderr, " -f protocol Specify SSL/TLS protocol\n"); + fprintf(stderr, " (" SSL2_HELP_MSG "SSL3, TLS1" TLS1_X_HELP_MSG " or ALL)\n"); #endif exit(EINVAL); } @@ -2244,6 +2259,12 @@ int main(int argc, const char * const ar #endif } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) { meth = SSLv3_client_method(); +#ifdef HAVE_TLSV1_X + } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) { + meth = TLSv1_1_client_method(); + } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) { + meth = TLSv1_2_client_method(); +#endif } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) { meth = TLSv1_client_method(); }