From e82d0ab755f17fab348e81d67f439c39c47482a0 Mon Sep 17 00:00:00 2001
From: Muzaffar Auhammud
Date: Fri, 2 Nov 2018 16:21:57 +0400
Subject: [PATCH] Add support for Server Name Indication. Done during IETF 103 hackathon This patch adds support for SNI (Server Name Indication). The option --tls-server-name has been added in order to specify the server name to be used in the SeverName extension sent in the ClientHello for TLS connections. The newly added --tls-server-name option is optional: If not specified, httperf will simply function as usual by omitting the ServerName extension in the ClientHello for TLS connections.
Closes: #47
Signed-off-by: Muzaffar Auhammud
---
src/conn.c | 5 +++++
src/httperf.c | 16 ++++++++++++++++
src/httperf.h | 1 +
3 files changed, 22 insertions(+)
diff --git a/src/conn.c b/src/conn.c
index 861b989..b9a3f97 100755
--- a/src/conn.c
+++ b/src/conn.c
@@ -122,6 +122,11 @@ conn_init(Conn *conn) exit(-1); } + if (param.tls_server_name) + { + SSL_set_tlsext_host_name(conn->ssl, param.tls_server_name); + } + if (param.ssl_cipher_list) { /* set order of ciphers */ int ssl_err = SSL_set_cipher_list(conn->ssl, param.ssl_cipher_list);
diff --git a/src/httperf.c b/src/httperf.c
index 49727de..af6f568 100755
--- a/src/httperf.c
+++ b/src/httperf.c
@@ -144,6 +144,7 @@ static struct option longopts[] = { #ifdef HAVE_SSL {"ssl", no_argument, ¶m.use_ssl, 1}, {"ssl-ciphers", required_argument, (int *) ¶m.ssl_cipher_list, 0}, + {"tls-server-name", required_argument, (int *) ¶m.tls_server_name, 0}, {"ssl-no-reuse", no_argument, ¶m.ssl_reuse, 0}, {"ssl-certificate", required_argument, (int *) ¶m.ssl_cert, 0}, {"ssl-key", required_argument, (int *) ¶m.ssl_key, 0},
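Review bot: The return value of `SSL_set_tlsext_host_name()` in the src/conn.c hunk is ignored, so if installing the name fails (the call returns 1 on success and 0 on error) the connection proceeds without SNI and the run silently measures whatever default virtual host the server picks; the `SSL_set_cipher_list` call right below it does capture its result. Suggest `if (SSL_set_tlsext_host_name(conn->ssl, param.tls_server_name) != 1) { ERR_print_errors_fp(stderr); exit(-1); }`. SNI only selects which certificate the server presents; when `ssl_verify` is enabled the certificate check should presumably be bound to the same name, and nothing in this hunk shows that it is. conn_init's body starts and ends outside the hunk.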
@@ -697,6 +698,19 @@ main(int argc, char **argv) exit (1); } } + else if (flag == ¶m.tls_server_name) + { + if (param.ssl_protocol >= 4) + { + param.tls_server_name = optarg; + } + else + { + fprintf (stderr, "%s: Error setting the SNI (Server Name Indication) server name to %s. The --tls-server-name option can only be used if --ssl-protocol-version is set to TLSv1.0 and above.\n", + prog_name, optarg); + exit (1); + } + } #endif else if (flag == ¶m.uri) param.uri = optarg;
@@ -1294,6 +1308,8 @@ main(int argc, char **argv) printf(" --ssl"); if (param.ssl_cipher_list) printf(" --ssl-ciphers=%s", param.ssl_cipher_list); + if (param.tls_server_name) + printf(" --tls-server-name=%s", param.tls_server_name); if (!param.ssl_reuse) printf(" --ssl-no-reuse"); if (param.ssl_cert) printf (" --ssl-cert=%s", param.ssl_cert);
diff --git a/src/httperf.h b/src/httperf.h
index 9d40a8a..e51b4ac 100755
--- a/src/httperf.h
+++ b/src/httperf.h
@@ -121,6 +121,7 @@ typedef struct Cmdline_Params int ssl_reuse; /* reuse SSL Session ID */ int ssl_verify; /* whether to verify the server certificate */ int ssl_protocol; /* which SSL protocol to use */ + const char *tls_server_name; /* TLS SNI (server name indication) */ const char *ssl_cipher_list; /* client's list of SSL cipher suites */ const char *ssl_cert; /* client certificate file name */ const char *ssl_key; /* client key file name */
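Review bot: The `param.ssl_protocol >= 4` test in the `--tls-server-name` branch (first src/httperf.c hunk on this line) runs while options are still being parsed, so its result depends on argument order: the name is rejected when it appears before the protocol option, and also whenever the protocol is left at its default if that default is below 4 (not visible here). Running the check once after the option loop avoids this, e.g. `if (param.tls_server_name && param.ssl_protocol < 4) { /* same error message */ exit (1); }`, ideally with a named constant in place of the bare `4`. The branch also accepts an empty `optarg`, which would later be handed to the TLS layer as the server name; rejecting `optarg[0] == '\0'` at this point is cheap. The error text names `--ssl-protocol-version`, so confirm that matches the option actually registered in `longopts`. main's body starts and ends outside the hunk.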