httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <san...@temme.net>
Subject [PATCH] Select SSL version on ab command line
Date Tue, 21 Dec 2004 22:51:16 GMT
This is the httpd-trunk version of the patch discussed under 
ACF2EAFF-5384-11D9-A698-000393105F60@temme.net 
(http://marc.theaimsgroup.com/?t=110365671700001&r=1&w=2). It adds a -m 
flag to ab that allows you to enforce the SSL version used by ab on the 
command line.

I also updated the ab.xml documentation file, but how do I render that? 
I tried 'make docs' and got:

[sctemme@MonaLisa] httpd-trunk $ make docs
mkdir -p ./docs/api
srclib/apr/build/scandoc.pl -i./build/default.pl -p./docs/api/ 
./include/*.h
/bin/sh: line 1: srclib/apr/build/scandoc.pl: No such file or directory
make: *** [docs] Error 127

Something missing?

Patch (inline and attached):

Index: support/ab.c
===================================================================
--- support/ab.c	(revision 123012)
+++ support/ab.c	(working copy)
@@ -1845,6 +1845,9 @@
      fprintf(stderr, "    -e filename     Output CSV file with 
percentages served\n");
  #ifdef USE_SSL
      fprintf(stderr, "    -s              Use httpS instead of HTTP 
(SSL)\n");
+    fprintf(stderr, "    -m version      SSL version is 
(SSLv2|SSLv3|TLSv1)\n");
+    fprintf(stderr, "                    If not specified, use highest 
available.\n");
+    fprintf(stderr, "                    Use this option together with 
-s. \n");
  #endif
      fprintf(stderr, "    -h              Display usage information 
(this message)\n");
      exit(EINVAL);
@@ -1977,6 +1980,9 @@
      apr_getopt_t *opt;
      const char *optarg;
      char c;
+#ifdef USE_SSL
+    SSL_METHOD *ssl_method = NULL;
+#endif

      /* table defaults  */
      tablestring = "";
@@ -2012,18 +2018,30 @@
      apr_getopt_init(&opt, cntxt, argc, argv);
      while ((status = apr_getopt(opt, 
"n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
  #ifdef USE_SSL
-            "s"
+            "sm:"
  #endif
              ,&c, &optarg)) == APR_SUCCESS) {
          switch (c) {
-            case 's':
  #ifdef USE_SSL
+            case 's:':
                  ssl = 1;
+                if (ssl_method == NULL) {
+                    ssl_method = SSLv23_client_method();
+                }
                  break;
-#else
-                fprintf(stderr, "SSL not compiled in; no https 
support\n");
-                exit(1);
-#endif
+        case 'm':
+                if (!apr_strnatcmp(optarg, "SSLv2")) {
+                    ssl_method = SSLv2_client_method();
+                } else if (!apr_strnatcmp(optarg, "SSLv3")) {
+                    ssl_method = SSLv3_client_method();
+                } else if (!apr_strnatcmp(optarg, "TLSv1")) {
+                    ssl_method = TLSv1_client_method();
+                } else {
+                    fprintf(stderr, "SSL method %s not supported. 
Defaulting to highest "
+                            "supported version.\n", optarg);
+                    ssl_method = SSLv23_client_method();
+                }
+                break;
              case 'n':
                  requests = atoi(optarg);
                  if (!requests) {
@@ -2193,8 +2211,7 @@
      bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
      bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-    /* TODO: Allow force SSLv2_client_method() (TLSv1?) */
-    if (!(ctx = SSL_CTX_new(SSLv23_client_method()))) {
+    if (!(ctx = SSL_CTX_new(ssl_method))) {
          fprintf(stderr, "Could not init SSL CTX");
          ERR_print_errors_fp(stderr);
          exit(1);
Index: docs/manual/programs/ab.xml
===================================================================
--- docs/manual/programs/ab.xml	(revision 123012)
+++ docs/manual/programs/ab.xml	(working copy)
@@ -50,6 +50,7 @@
      [ -<strong>P</strong> 
<var>proxy-auth-username</var>:<var>password</var> ]
      [ -<strong>q</strong> ]
      [ -<strong>s</strong> ]
+    [ -<strong>m</strong> <var>version</var> ]
      [ -<strong>S</strong> ]
      [ -<strong>t</strong> <var>timelimit</var> ]
      [ -<strong>T</strong> <var>content-type</var> ]
@@ -137,6 +138,12 @@
      This feature is experimental and <em>very</em> rudimentary. You 
probably
      do not want to use it.</dd>

+    <dt><code>-m <var>version</var></code></dt>
+    <dd>The version parameter can be
+    <code>(SSLv2|SSLv3|TLSv1)</code>. To be used together with
+    <strong>-s</strong>. When not specified, use highest available
+    version.</dd>
+
      <dt><code>-S</code></dt>
      <dd>Do not display the median and standard deviation values, nor 
display
      the warning/error messages when the average and median are more 
than

-- 
sander@temme.net              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Mime
View raw message