httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <san...@temme.net>
Subject [1.3 PATCH] Select SSL version on ab command line
Date Tue, 21 Dec 2004 19:15:28 GMT
The following patch (inline and attached) expands the experimental -s 
flag to ab to specify the SSL version used for the benchmark run. Valid 
versions are SSLv2, SSLv3, TLSv1 and ANY in which case the program will 
use the highest version available. This code is active when httpd is 
configured with CFLAGS="-DUSE_SSL" and LDFLAGS="-lssl -lcrypto".

Downside: getopt(3) doesn't allow for an optional optarg, so a bare -s 
no longer works. I could possibly hack around that by scanning the bare 
argv string but that seems to me like a significant can of worms.

Patch:

Index: src/support/ab.8
===================================================================
--- src/support/ab.8    (revision 122972)
+++ src/support/ab.8    (working copy)
@@ -28,7 +28,7 @@
  ] [
  .B \-i
  ] [
-.B \-s
+.BI \-s " version"
  ] [
  .BI \-n " requests"
  ] [
@@ -95,14 +95,15 @@
  one or two times the standard deviation apart. And default to the
  min/avg/max values. (legacy support).
  .TP 12
-.B \-s
+.BI \-s " version"
  When compiled in (ab -h will show you) use the SSL protected
  .B https
  rather than the
  .B http
  protocol. This feature is experimental and
  .B very
-rudimentary. You propably do not want to use it.
+rudimentary. You probably do not want to use it. The version parameter
+can be (SSLv2|SSLv3|TLSv1|ANY).
  .TP 12
  .B \-k
  Enable the HTTP KeepAlive feature; that is, perform multiple requests
Index: src/support/ab.c
===================================================================
--- src/support/ab.c    (revision 122972)
+++ src/support/ab.c    (working copy)
@@ -1364,7 +1364,8 @@
      fprintf(stderr, "    -g filename     Output collected data to 
gnuplot format file.\n");
      fprintf(stderr, "    -e filename     Output CSV file with 
percentages served\n");
  #ifdef USE_SSL
-    fprintf(stderr, "    -s              Use httpS instead of HTTP 
(SSL)\n");
+    fprintf(stderr, "    -s version      Use httpS instead of HTTP 
(SSL)\n");
+    fprintf(stderr, "                    version is 
(SSLv2|SSLv3|TLSv1|ANY)\n");
  #endif
      fprintf(stderr, "    -h              Display usage information 
(this message)\n");
      exit(EINVAL);
@@ -1463,6 +1464,10 @@
  {
      int c, r, l;
      char tmp[1024];
+#ifdef USE_SSL
+    char ssl_err[40];
+    SSL_METHOD *ssl_method;
+#endif
      /* table defaults  */
      tablestring = "";
      trstring = "";
@@ -1474,13 +1479,25 @@
      optind = 1;
      while ((c = getopt(argc, argv, 
"n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
  #ifdef USE_SSL
-                      "s"
+                      "s:"
  #endif
                        )) > 0) {
         switch (c) {
  #ifdef USE_SSL
         case 's':
             ssl = 1;
+            if (!strcmp(optarg, "ANY")) {
+                ssl_method = SSLv23_client_method();
+            } else if (!strcmp(optarg, "SSLv2")) {
+                ssl_method = SSLv2_client_method();
+            } else if (!strcmp(optarg, "SSLv3")) {
+                ssl_method = SSLv3_client_method();
+            } else if (!strcmp(optarg, "TLSv1")) {
+                ssl_method = TLSv1_client_method();
+            } else {
+                sprintf(ssl_err, "SSL method %.4s not supported.\n", 
optarg);
+                err(ssl_err);
+            }
             break;
  #endif
         case 'n':
@@ -1655,7 +1672,7 @@

  #ifdef USE_SSL
      SSL_library_init();
-    if (!(ctx = SSL_CTX_new(SSLv2_client_method()))) {
+    if (!(ctx = SSL_CTX_new(ssl_method))) {
         fprintf(stderr, "Could not init SSL CTX: ");
         ERR_print_errors_fp(stderr);
         exit(1);

Similar patch for Apache 2 ab is forthcoming.

S.

-- 
sander@temme.net              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Mime
View raw message