authorRob Crittenden <rcritten@redhat.com>2015-06-17 11:12:40 -0400
committerRob Crittenden <rcritten@redhat.com>2015-07-22 11:31:36 -0400
commit63eb1f4c6ef8c1bb68afbfc5fba8762d50c1a0a8 (patch)
treec6d24281e56eafd81817108dae83cc8d63f39d5b /test_cipher.c
parentb77f4c23aa0f8af00d119299339d0f766a071e48 (diff)
Fix logical AND support in OpenSSL cipher compatibility
The + operator didn't perform properly at all. It is supposed to be used either as a logical AND to combine two cipher suites or to move ciphers to the end of the list. Given that NSS doesn't support cipher ordering, + is a no-op in this case. Also add in a slew of missing aliases: kRSA, aRSA, EDH, ECDH, kECDHe, kECDHr, kEECDH, aECDH, aNULL, AESGCM, AES128, AES256, CAMELLIA, CAMELLIA128, CAMELLIA256. Fix the definition of TLSv1.2. Define some ciphers as unimplemented in NSS. Renumber the mask/protocol/strength values to ensure uniqueness. Replace the existing cipher test with one that compares the output of the NSS-generated cipher string with the openssl-generated string. There are a lot of restrictions on the openssl string since so much is either not implemented or not needed for mod_nss. Add a new openssl-compatible cipher request test to the server tests.
Diffstat (limited to 'test_cipher.c')
-rw-r--r--test_cipher.c32
1 files changed, 24 insertions, 8 deletions
diff --git a/test_cipher.c b/test_cipher.c
index 91d112b..86a88d6 100644
--- a/test_cipher.c
+++ b/test_cipher.c
@@ -40,7 +40,7 @@ int ap_log_error_(const char *fn, int line, int module_index,
va_start(args, fmt);
vsprintf(out, fmt, args);
- fprintf(stderr,"%s:%d, %s", fn, line, out);
+ fprintf(stderr,"%s:%d, %s\n", fn, line, out);
va_end(args);
return 0;
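Review bot: The `vsprintf(out, fmt, args);` call directly above the changed `fprintf` formats into `out` with no length bound, so a long enough message overruns the buffer. This stub now appears to carry the parser's error text (the commit removes the "Unable to parse" message from `main`), and that text may include pieces of the command-line cipher string. Assuming `out` is a local array (its declaration is outside the hunk), `vsnprintf(out, sizeof(out), fmt, args);` keeps the write inside it. The function body starts and ends outside this hunk.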
@@ -53,10 +53,11 @@ int main(int argc, char ** argv)
int rv=0;
int i;
char *ciphers;
+ PRBool openssl_output = PR_FALSE;
PRBool ciphers_list[ciphernum];
- if (argc != 2) {
- fprintf(stderr, "Usage: test_cipher [--count] <cipher_list>\n");
+ if (argc != 2 && argc != 3) {
+ fprintf(stderr, "Usage: test_cipher [--count] [--o] <cipher_list>\n");
exit(1);
}
@@ -70,9 +71,14 @@ int main(int argc, char ** argv)
ciphers_list[i] = PR_FALSE;
}
- ciphers = strdup(argv[1]);
+ i = 1; /* index of ciphers */
+ if (!strcmp(argv[1], "--o")) {
+ openssl_output = PR_TRUE;
+ i = 2;
+ }
+
+ ciphers = strdup(argv[i]);
if (nss_parse_ciphers(NULL, ciphers, ciphers_list) < 0) {
- fprintf(stderr, "Unable to parse cipher list\n");
rv = 1;
}
free(ciphers);
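Review bot: Running the tool with `--o` as its only argument gives `argc == 2`, which passes the relaxed check in the previous hunk; `i` then becomes 2 and `strdup(argv[i])` receives the terminating NULL of `argv`, which is undefined behaviour. The reverse case is also accepted silently: with three arguments and no `--o`, `argv[1]` is parsed and `argv[2]` is ignored. Checking the count after the option is recognised closes both, e.g. `if (argc != i + 1) { fprintf(stderr, "Usage: test_cipher [--count] [--o] <cipher_list>\n"); exit(1); }` placed before the `strdup`. The result of `strdup` is also passed to `nss_parse_ciphers` without a NULL check.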
@@ -85,12 +91,22 @@ int main(int argc, char ** argv)
for (i = 0; i < ciphernum; i++)
{
if (ciphers_list[i] == 1) {
- strncat(output, ciphers_def[i].name, sizeof(output));
- strncat(output, ", ", sizeof(output));
+ if (openssl_output) {
+ strncat(output, ciphers_def[i].openssl_name, sizeof(output));
+ strncat(output, ":", sizeof(output));
+ } else {
+ strncat(output, ciphers_def[i].name, sizeof(output));
+ strncat(output, ", ", sizeof(output));
+ }
}
}
- output[strlen(output) - 2] = '\0';
+ if (openssl_output)
+ output[strlen(output) - 1] = '\0';
+ else
+ output[strlen(output) - 2] = '\0';
fprintf(stdout, "%s\n", output);
+ } else {
+ fprintf(stdout, "Unable to parse cipher list\n");
}
return rv;
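Review bot: The new `strncat(output, ciphers_def[i].openssl_name, sizeof(output))` calls repeat the existing misuse of the third argument, which is the maximum number of characters to append, not the size of the destination; once `output` is partly filled the call can write past its end. Assuming `output` is a char array (it is declared outside the hunk), the bound should be the space left, `strncat(output, ciphers_def[i].openssl_name, sizeof(output) - strlen(output) - 1);`, and likewise for the separator and the NSS-name branch. The trailing-separator trim has a related problem: if the parse succeeds with no cipher enabled, `output` is presumably empty and `output[strlen(output) - 1]` (or `- 2`) indexes before the buffer. Taking `size_t len = strlen(output);` and trimming only when `len` is at least the separator length avoids that.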