WiP: make it possible to set DH group id for setting CECPQ2 / 2b

2019-07-23 18:16:52 +01:00 · 2019-07-23 18:16:52 +01:00 · 412c2d4294
commit 412c2d4294
parent 50b4fa4334
3 changed files with 62 additions and 46 deletions
--- a/src/conn.c
+++ b/src/conn.c
@ -136,6 +136,15 @@ conn_init(Conn *conn)
 					"core_ssl_connect: set_cipher_list returned %d\n",
 					ssl_err);
 		}
+
+		if (param.ssl_groups) {
+			int ssl_err = SSL_set1_curves_list(conn->ssl, param.ssl_groups);
+
+			if (DBG > 2)
+				fprintf(stderr,
+					"core_ssl_connect: set_grtou returned %d\n",
+					ssl_err);
+		}
 	}
 #endif
 }
--- a/src/httperf.c
+++ b/src/httperf.c
@ -144,6 +144,7 @@ static struct option longopts[] = {
 #ifdef HAVE_SSL
 	{"ssl", no_argument, &param.use_ssl, 1},
 	{"ssl-ciphers", required_argument, (int *) &param.ssl_cipher_list, 0},
+	{"ssl-groups", required_argument, (int *) &param.ssl_groups, 0},
 	{"tls-server-name", required_argument, (int *) &param.tls_server_name, 0},
 	{"ssl-no-reuse", no_argument, &param.ssl_reuse, 0},
        {"ssl-certificate", required_argument, (int *) &param.ssl_cert,     0},
@ -186,6 +187,7 @@ usage(void)
               "\t[--ssl-certificate file] [--ssl-key file]\n"
               "\t[--ssl-ca-file file] [--ssl-ca-path path]\n"
               "\t[--ssl-verify [yes|no]] [--ssl-protocol S]\n"
+               "\t[--ssl-groups L]\n"
 #endif
 	       "\t[--think-timeout X] [--timeout X] [--verbose] [--version]\n"
 	       "\t[--wlog y|n,file] [--wsess N,N,X] [--wsesslog N,X,file]\n"
@ -647,6 +649,8 @@ main(int argc, char **argv)
 #ifdef HAVE_SSL
 			else if (flag == &param.ssl_cipher_list)
 				param.ssl_cipher_list = optarg;
+			else if (flag == &param.ssl_groups)
+				param.ssl_groups = optarg;
                        else if (flag == &param.ssl_cert)
                                param.ssl_cert = optarg;
                        else if (flag == &param.ssl_key)
@ -1310,6 +1314,8 @@ main(int argc, char **argv)
 		printf(" --ssl-ciphers=%s", param.ssl_cipher_list);
 	if (param.tls_server_name)
 		printf(" --tls-server-name=%s", param.tls_server_name);
+	if (param.ssl_groups)
+		printf(" --ssl-groups=%s", param.ssl_groups);
 	if (!param.ssl_reuse)
 		printf(" --ssl-no-reuse");
        if (param.ssl_cert) printf (" --ssl-cert=%s", param.ssl_cert);
--- a/src/httperf.h
+++ b/src/httperf.h
@ -127,6 +127,7 @@ typedef struct Cmdline_Params
    const char *ssl_key; /* client key file name */
    const char *ssl_ca_file; /* certificate authority file */
    const char *ssl_ca_path; /* certificate authority path */
+    const char *ssl_groups; /* client's list of SSL key exchange algorithms */
 #endif
    int use_timer_cache;
    const char *additional_header;	/* additional request header(s) */