tls-test: Add options to configure TLS versions

2020-08-26 15:00:30 +02:00 · 2020-08-26 15:00:30 +02:00 · 8e35b1f1a5
parent a7f2818832
commit 8e35b1f1a5
1 changed files with 46 additions and 8 deletions
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
@ -85,7 +85,8 @@ static identification_t *find_client_id()
 * Client routine
 */
 static int run_client(host_t *host, identification_t *server,
-					  identification_t *client, int times, tls_cache_t *cache)
+					  identification_t *client, int times, tls_cache_t *cache,
+					  tls_version_t min_version, tls_version_t max_version)
 {
 	tls_socket_t *tls;
 	int fd, res;
@ -106,8 +107,8 @@ static int run_client(host_t *host, identification_t *server,
 			close(fd);
 			return 1;
 		}
-		tls = tls_socket_create(FALSE, server, client, fd, cache, TLS_1_0,
-							    TLS_1_3, TRUE);
+		tls = tls_socket_create(FALSE, server, client, fd, cache, min_version,
+							    max_version, TRUE);
 		if (!tls)
 		{
 			close(fd);
@ -128,7 +129,8 @@ static int run_client(host_t *host, identification_t *server,
 * Server routine
 */
 static int serve(host_t *host, identification_t *server,
-				 int times, tls_cache_t *cache)
+				 int times, tls_cache_t *cache, tls_version_t min_version,
+				 tls_version_t max_version)
 {
 	tls_socket_t *tls;
 	int fd, cfd;
@ -164,8 +166,8 @@ static int serve(host_t *host, identification_t *server,
 		}
 		DBG1(DBG_TLS, "%#H connected", host);

-		tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TLS_1_0,
-								TLS_1_2, TRUE);
+		tls = tls_socket_create(TRUE, server, NULL, cfd, cache, min_version,
+								max_version, TRUE);
 		if (!tls)
 		{
 			close(fd);
@ -266,12 +268,22 @@ static void init()
 	atexit(cleanup);
 }

+/**
+ * Used to parse TLS versions
+ */
+ENUM(numeric_version_names, TLS_1_0, TLS_1_3,
+	"1.0",
+	"1.1",
+	"1.2",
+	"1.3");
+
 int main(int argc, char *argv[])
 {
 	char *address = NULL;
 	bool listen = FALSE;
 	int port = 0, times = -1, res, family = AF_UNSPEC;
 	identification_t *server, *client;
+	tls_version_t min_version = TLS_1_0, max_version = TLS_1_3;
 	tls_cache_t *cache;
 	host_t *host;

@ -289,6 +301,9 @@ int main(int argc, char *argv[])
 			{"times",		required_argument,		NULL,		't' },
 			{"ipv4",		no_argument,			NULL,		'4' },
 			{"ipv6",		no_argument,			NULL,		'6' },
+			{"min-version",	required_argument,		NULL,		'm' },
+			{"max-version",	required_argument,		NULL,		'M' },
+			{"version",		required_argument,		NULL,		'v' },
 			{"debug",		required_argument,		NULL,		'd' },
 			{0,0,0,0 }
 		};
@ -337,6 +352,28 @@ int main(int argc, char *argv[])
 			case '6':
 				family = AF_INET6;
 				continue;
+			case 'm':
+				if (!enum_from_name(numeric_version_names, optarg, &min_version))
+				{
+					fprintf(stderr, "unknown minimum TLS version: %s\n", optarg);
+					return 1;
+				}
+				continue;
+			case 'M':
+				if (!enum_from_name(numeric_version_names, optarg, &max_version))
+				{
+					fprintf(stderr, "unknown maximum TLS version: %s\n", optarg);
+					return 1;
+				}
+				continue;
+			case 'v':
+				if (!enum_from_name(numeric_version_names, optarg, &min_version))
+				{
+					fprintf(stderr, "unknown TLS version: %s\n", optarg);
+					return 1;
+				}
+				max_version = min_version;
+				continue;
 			default:
 				usage(stderr, argv[0]);
 				return 1;
@ -358,12 +395,13 @@ int main(int argc, char *argv[])
 	cache = tls_cache_create(100, 30);
 	if (listen)
 	{
-		res = serve(host, server, times, cache);
+		res = serve(host, server, times, cache, min_version, max_version);
 	}
 	else
 	{
 		client = find_client_id();
-		res = run_client(host, server, client, times, cache);
+		res = run_client(host, server, client, times, cache, min_version,
+						 max_version);
 		DESTROY_IF(client);
 	}
 	cache->destroy(cache);