authorDaiki Ueno <dueno@redhat.com>2019-03-04 11:13:38 +0100
committerDaiki Ueno <dueno@redhat.com>2019-03-04 11:13:38 +0100
commitad28945f5c4c219559e68a73be9005fc45536476 (patch)
tree5852282e1a5cb1a3df6022c3149e8e8ceb984587 /cmd
parentd6e66dc6cd6747569616aed305fd0130a3cee57c (diff)
downloadnss-hg-ad28945f5c4c219559e68a73be9005fc45536476.tar.gz
Bug 1528262, add -J option to strsclnt to specify sigschemes, r=mt
Reviewers: mt Reviewed By: mt Bug #: 1528262 Differential Revision: https://phabricator.services.mozilla.com/D21516
Diffstat (limited to 'cmd')
-rw-r--r--cmd/strsclnt/strsclnt.c39
1 files changed, 36 insertions, 3 deletions
diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c
index bba53efac..099b7bf5e 100644
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -121,6 +121,9 @@ static PRBool enableCertStatus = PR_FALSE;
PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
+static const SSLSignatureScheme *enabledSigSchemes = NULL;
+static unsigned int enabledSigSchemeCount = 0;
+
char *progName;
secuPWData pwdata = { PW_NONE, 0 };
@@ -143,7 +146,8 @@ Usage(void)
"Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
" [-BDNovqs] [-f filename] [-N | -P percentage]\n"
" [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n"
- " [-V [min-version]:[max-version]] [-a sniHostName] hostname\n"
+ " [-V [min-version]:[max-version]] [-a sniHostName]\n"
+ " [-J signatureschemes] hostname\n"
" where -v means verbose\n"
" -o flag is interpreted as follows:\n"
" 1 -o means override the result of server certificate validation.\n"
@@ -161,7 +165,17 @@ Usage(void)
" -T enable the cert_status extension (OCSP stapling)\n"
" -u enable TLS Session Ticket extension\n"
" -z enable compression\n"
- " -g enable false start\n",
+ " -g enable false start\n"
+ " -J enable signature schemes\n"
+ " This takes a comma separated list of signature schemes in preference\n"
+ " order.\n"
+ " Possible values are:\n"
+ " rsa_pkcs1_sha1, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,\n"
+ " ecdsa_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,\n"
+ " ecdsa_secp521r1_sha512,\n"
+ " rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,\n"
+ " rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512,\n"
+ " dsa_sha1, dsa_sha256, dsa_sha384, dsa_sha512\n",
progName);
exit(1);
}
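Review bot: The scheme names printed under `-J` in Usage() are a hand-written copy of whatever parseSigSchemeList accepts, and that helper is not part of this diff, so the two lists can drift apart without any build or test failure. A comment next to the new lines, such as `/* Keep in sync with the names accepted by parseSigSchemeList(). */`, would flag this for whoever adds the next scheme. The help text also lists the SHA-1 entries (`rsa_pkcs1_sha1`, `ecdsa_sha1`, `dsa_sha1`) on the same footing as the rest; marking them as legacy schemes would keep readers from copying the full list into a script as a default. Usage() begins outside this hunk.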
@@ -1158,6 +1172,14 @@ client_main(
errExit("error setting SSL/TLS version range ");
}
+ if (enabledSigSchemes) {
+ rv = SSL_SignatureSchemePrefSet(model_sock, enabledSigSchemes,
+ enabledSigSchemeCount);
+ if (rv < 0) {
+ errExit("SSL_SignatureSchemePrefSet");
+ }
+ }
+
if (bigBuf.data) { /* doing FDX */
rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
if (rv < 0) {
@@ -1316,7 +1338,7 @@ main(int argc, char **argv)
/* XXX: 'B' was used in the past but removed in 3.28,
* please leave some time before resuing it. */
optstate = PL_CreateOptState(argc, argv,
- "C:DNP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
+ "C:DJ:NP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'C':
@@ -1330,6 +1352,15 @@ main(int argc, char **argv)
case 'I': /* reserved for OCSP multi-stapling */
break;
+ case 'J':
+ rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount);
+ if (rv != SECSuccess) {
+ PL_DestroyOptState(optstate);
+ fprintf(stderr, "Bad signature scheme specified.\n");
+ Usage();
+ }
+ break;
+
case 'N':
NoReuse = 1;
break;
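Review bot: A second `-J` on the command line overwrites `enabledSigSchemes` in `case 'J'` without releasing the earlier list. The last hunk frees this pointer with PORT_Free, so the helper presumably allocates it, though parseSigSchemeList is defined outside this diff. Freeing before the call, `PORT_Free((SSLSignatureScheme *)enabledSigSchemes); enabledSigSchemes = NULL;`, would make the "last -J wins" behaviour explicit and leak-free. Separately, the error path prints a fixed "Bad signature scheme specified." message; echoing the rejected argument would make a typo in a long comma-separated list easier to find, but `optstate->value` would have to be read before `PL_DestroyOptState(optstate)`. main() starts and ends outside this hunk.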
@@ -1516,6 +1547,8 @@ main(int argc, char **argv)
PL_strfree(hostName);
+ PORT_Free((SSLSignatureScheme *)enabledSigSchemes);
+
/* some final stats. */
printf(
"strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"