authorHubert Kario <hkario@redhat.com>2021-02-27 09:46:35 +0000
committerHubert Kario <hkario@redhat.com>2021-02-27 09:46:35 +0000
commit77d52d51f7721a6d9e6e4f57eb57ecd73f684825 (patch)
tree94294a401fdc3a0700dc2c589d5832a8e56dcee0 /cmd
parent5dfc945870f644aa1b59371e490d03676ff09ab6 (diff)
Bug 1694214 - tstclnt can't enable middlebox compat mode r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D106617
Diffstat (limited to 'cmd')
-rw-r--r--cmd/tstclnt/tstclnt.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 639cf4f24..2c108c612 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -332,6 +332,7 @@ PrintParameterUsage()
"%-20s 0xAAAABBBBCCCCDDDD:mylabel. Otherwise, the default label of\n"
"%-20s 'Client_identity' will be used.\n",
"-z externalPsk", "", "", "");
+ fprintf(stderr, "%-20s Enable middlebox compatibility mode (TLS 1.3 only)\n", "-e");
}
static void
@@ -986,6 +987,7 @@ int enableSignedCertTimestamps = 0;
int forceFallbackSCSV = 0;
int enableExtendedMasterSecret = 0;
PRBool requireDHNamedGroups = 0;
+PRBool middleboxCompatMode = 0;
PRSocketOptionData opt;
PRNetAddr addr;
PRBool allowIPv4 = PR_TRUE;
@@ -1493,6 +1495,16 @@ run()
}
}
+ /* Middlebox compatibility mode (TLS 1.3 only) */
+ if (middleboxCompatMode) {
+ rv = SSL_OptionSet(s, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "error enabling middlebox compatibility mode");
+ error = 1;
+ goto done;
+ }
+ }
+
/* require the use of fixed finite-field DH groups */
if (requireDHNamedGroups) {
rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
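Review bot: The comment added above the `middleboxCompatMode` check in run() only repeats the option name, so a reader of the test client does not learn what `-e` changes on the wire. I would expand it to something like `/* TLS 1.3 middlebox compatibility mode (RFC 8446 Appendix D.4): non-empty legacy session ID plus dummy ChangeCipherSpec records */`. Nothing in this hunk checks that the enabled version range includes TLS 1.3, so `-e` combined with a range capped below 1.3 presumably succeeds and has no effect. A one-line warning on stderr in that case would keep a test run from being read as having exercised compat mode when it did not. run() starts and continues outside the hunk, so an earlier version check may exist that is not visible here.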
@@ -1825,7 +1837,7 @@ main(int argc, char **argv)
}
optstate = PL_CreateOptState(argc, argv,
- "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:x:z:");
+ "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:m:n:op:qr:st:uvw:x:z:");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@@ -1996,6 +2008,10 @@ main(int argc, char **argv)
certDir = PORT_Strdup(optstate->value);
break;
+ case 'e':
+ middleboxCompatMode = PR_TRUE;
+ break;
+
case 'f':
clientSpeaksFirst = PR_TRUE;
break;