tls-test: Add option to make client authentication optional

This commit is contained in:
Tobias Brunner 2021-02-18 15:36:59 +01:00
parent 760f3b730f
commit 82116dba66
1 changed files with 29 additions and 21 deletions


@ -38,7 +38,7 @@ static void usage(FILE *out, char *cmd)
{ {
fprintf(out, "usage:\n"); fprintf(out, "usage:\n");
fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>] [--cacert <file>]+ [--times <n>]\n", cmd); fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>] [--cacert <file>]+ [--times <n>]\n", cmd);
fprintf(out, " %s --listen <address> --port <port> --key <key> --cert <file> [--cacert <file>]+ [--times <n>]\n", cmd); fprintf(out, " %s --listen <address> --port <port> --key <key> --cert <file> [--cacert <file>]+ [--auth-optional] [--times <n>]\n", cmd);
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "options:\n"); fprintf(out, "options:\n");
fprintf(out, " --help print help and exit\n"); fprintf(out, " --help print help and exit\n");
@ -48,6 +48,7 @@ static void usage(FILE *out, char *cmd)
fprintf(out, " --cert <file> certificate to authenticate itself\n"); fprintf(out, " --cert <file> certificate to authenticate itself\n");
fprintf(out, " --key <file> private key to authenticate itself\n"); fprintf(out, " --key <file> private key to authenticate itself\n");
fprintf(out, " --cacert <file> certificate to verify other peer\n"); fprintf(out, " --cacert <file> certificate to verify other peer\n");
fprintf(out, " --auth-optional don't enforce client authentication\n");
fprintf(out, " --times <n> specify the amount of repeated connection establishments\n"); fprintf(out, " --times <n> specify the amount of repeated connection establishments\n");
fprintf(out, " --ipv4 use IPv4\n"); fprintf(out, " --ipv4 use IPv4\n");
fprintf(out, " --ipv6 use IPv6\n"); fprintf(out, " --ipv6 use IPv6\n");
@ -109,7 +110,8 @@ static identification_t *find_client_id()
*/ */
static int run_client(host_t *host, identification_t *server, static int run_client(host_t *host, identification_t *server,
identification_t *client, int times, tls_cache_t *cache, identification_t *client, int times, tls_cache_t *cache,
tls_version_t min_version, tls_version_t max_version) tls_version_t min_version, tls_version_t max_version,
tls_flag_t flags)
{ {
tls_socket_t *tls; tls_socket_t *tls;
int fd, res; int fd, res;
@ -131,7 +133,7 @@ static int run_client(host_t *host, identification_t *server,
return 1; return 1;
} }
tls = tls_socket_create(FALSE, server, client, fd, cache, min_version, tls = tls_socket_create(FALSE, server, client, fd, cache, min_version,
max_version, TLS_FLAG_ENCRYPTION_OPTIONAL); max_version, flags);
if (!tls) if (!tls)
{ {
close(fd); close(fd);
@ -153,7 +155,7 @@ static int run_client(host_t *host, identification_t *server,
*/ */
static int serve(host_t *host, identification_t *server, identification_t *client, static int serve(host_t *host, identification_t *server, identification_t *client,
int times, tls_cache_t *cache, tls_version_t min_version, int times, tls_cache_t *cache, tls_version_t min_version,
tls_version_t max_version) tls_version_t max_version, tls_flag_t flags)
{ {
tls_socket_t *tls; tls_socket_t *tls;
int fd, cfd; int fd, cfd;
@ -190,7 +192,7 @@ static int serve(host_t *host, identification_t *server, identification_t *clien
DBG1(DBG_TLS, "%#H connected", host); DBG1(DBG_TLS, "%#H connected", host);
tls = tls_socket_create(TRUE, server, client, cfd, cache, min_version, tls = tls_socket_create(TRUE, server, client, cfd, cache, min_version,
max_version, TLS_FLAG_ENCRYPTION_OPTIONAL); max_version, flags);
if (!tls) if (!tls)
{ {
close(fd); close(fd);
@ -301,6 +303,7 @@ int main(int argc, char *argv[])
int port = 0, times = -1, res, family = AF_UNSPEC; int port = 0, times = -1, res, family = AF_UNSPEC;
identification_t *server, *client = NULL; identification_t *server, *client = NULL;
tls_version_t min_version = TLS_SUPPORTED_MIN, max_version = TLS_SUPPORTED_MAX; tls_version_t min_version = TLS_SUPPORTED_MIN, max_version = TLS_SUPPORTED_MAX;
tls_flag_t flags = TLS_FLAG_ENCRYPTION_OPTIONAL;
tls_cache_t *cache; tls_cache_t *cache;
host_t *host; host_t *host;
@ -309,20 +312,21 @@ int main(int argc, char *argv[])
while (TRUE) while (TRUE)
{ {
struct option long_opts[] = { struct option long_opts[] = {
{"help", no_argument, NULL, 'h' }, {"help", no_argument, NULL, 'h' },
{"connect", required_argument, NULL, 'c' }, {"connect", required_argument, NULL, 'c' },
{"listen", required_argument, NULL, 'l' }, {"listen", required_argument, NULL, 'l' },
{"port", required_argument, NULL, 'p' }, {"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' }, {"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' }, {"key", required_argument, NULL, 'k' },
{"cacert", required_argument, NULL, 'f' }, {"cacert", required_argument, NULL, 'f' },
{"times", required_argument, NULL, 't' }, {"times", required_argument, NULL, 't' },
{"ipv4", no_argument, NULL, '4' }, {"ipv4", no_argument, NULL, '4' },
{"ipv6", no_argument, NULL, '6' }, {"ipv6", no_argument, NULL, '6' },
{"min-version", required_argument, NULL, 'm' }, {"min-version", required_argument, NULL, 'm' },
{"max-version", required_argument, NULL, 'M' }, {"max-version", required_argument, NULL, 'M' },
{"version", required_argument, NULL, 'v' }, {"version", required_argument, NULL, 'v' },
{"debug", required_argument, NULL, 'd' }, {"auth-optional", no_argument, NULL, 'n' },
{"debug", required_argument, NULL, 'd' },
{0,0,0,0 } {0,0,0,0 }
}; };
switch (getopt_long(argc, argv, "", long_opts, NULL)) switch (getopt_long(argc, argv, "", long_opts, NULL))
@ -402,6 +406,9 @@ int main(int argc, char *argv[])
} }
max_version = min_version; max_version = min_version;
continue; continue;
case 'n':
flags |= TLS_FLAG_CLIENT_AUTH_OPTIONAL;
continue;
default: default:
usage(stderr, argv[0]); usage(stderr, argv[0]);
return 1; return 1;
@ -423,14 +430,15 @@ int main(int argc, char *argv[])
cache = tls_cache_create(100, 30); cache = tls_cache_create(100, 30);
if (listen) if (listen)
{ {
res = serve(host, server, client, times, cache, min_version, max_version); res = serve(host, server, client, times, cache, min_version,
max_version, flags);
} }
else else
{ {
DESTROY_IF(client); DESTROY_IF(client);
client = find_client_id(); client = find_client_id();
res = run_client(host, server, client, times, cache, min_version, res = run_client(host, server, client, times, cache, min_version,
max_version); max_version, flags);
DESTROY_IF(client); DESTROY_IF(client);
} }
cache->destroy(cache); cache->destroy(cache);
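Review bot: The `case 'n'` handler in main sets `TLS_FLAG_CLIENT_AUTH_OPTIONAL` regardless of mode and the flag is then handed to run_client as well as serve, while the usage text lists `--auth-optional` only on the `--listen` line and describes it as "don't enforce client authentication"; whether tls_socket_create ignores the flag for a client socket is not visible here, so the tool should probably reject the combination explicitly before the `if (listen)` branch, e.g. `if (!listen && (flags & TLS_FLAG_CLIENT_AUTH_OPTIONAL)) { fprintf(stderr, "--auth-optional requires --listen\n"); return 1; }`. A server started with this option will accept peers that present no certificate, so a short DBG1 line in serve stating that client authentication is optional would make that visible in test logs; serve's body and the rest of main lie outside the hunks. Unrelated but adjacent to the edited line: the `--connect` usage line still prints `[--key <key]`, which should read `[--key <file>]` to match the option list and the `--listen` line.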