OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 ** | 6 ** |
7 ** Sample client side test program that uses SSL and NSS | 7 ** Sample client side test program that uses SSL and NSS |
8 ** | 8 ** |
9 */ | 9 */ |
10 | 10 |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
55 #define EXIT_CODE_SIDECHANNELTEST_REVOKED 3 | 55 #define EXIT_CODE_SIDECHANNELTEST_REVOKED 3 |
56 | 56 |
57 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; | 57 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; |
58 | 58 |
59 int ssl3CipherSuites[] = { | 59 int ssl3CipherSuites[] = { |
60 -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ | 60 -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ |
61 -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ | 61 -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ |
62 TLS_RSA_WITH_RC4_128_MD5, /* c */ | 62 TLS_RSA_WITH_RC4_128_MD5, /* c */ |
63 TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ | 63 TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ |
64 TLS_RSA_WITH_DES_CBC_SHA, /* e */ | 64 TLS_RSA_WITH_DES_CBC_SHA, /* e */ |
65 TLS_RSA_EXPORT_WITH_RC4_40_MD5,» » /* f */ | 65 -1, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5,» * f */ |
66 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,»» /* g */ | 66 -1, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,» * g */ |
67 -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ | 67 -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ |
68 TLS_RSA_WITH_NULL_MD5, /* i */ | 68 TLS_RSA_WITH_NULL_MD5, /* i */ |
69 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ | 69 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ |
70 SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ | 70 SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ |
71 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,» /* l */ | 71 -1, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,» * l */ |
72 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,» /* m */ | 72 -1, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,» * m */ |
73 TLS_RSA_WITH_RC4_128_SHA, /* n */ | 73 TLS_RSA_WITH_RC4_128_SHA, /* n */ |
74 TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ | 74 TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ |
75 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ | 75 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ |
76 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ | 76 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ |
77 TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ | 77 TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ |
78 TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ | 78 TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ |
79 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ | 79 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ |
80 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ | 80 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ |
81 TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ | 81 TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ |
82 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ | 82 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
213 "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n", | 213 "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n", |
214 "-V [min]:[max]", "", "", ""); | 214 "-V [min]:[max]", "", "", ""); |
215 fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K"); | 215 fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K"); |
216 fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S"
); | 216 fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S"
); |
217 fprintf(stderr, "%-20s Client speaks first. \n", "-f"); | 217 fprintf(stderr, "%-20s Client speaks first. \n", "-f"); |
218 fprintf(stderr, "%-20s Use synchronous certificate validation " | 218 fprintf(stderr, "%-20s Use synchronous certificate validation " |
219 "(currently required for TLS 1.3)\n", "-O"); | 219 "(currently required for TLS 1.3)\n", "-O"); |
220 fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o"); | 220 fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o"); |
221 fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s"); | 221 fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s"); |
222 fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v"); | 222 fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v"); |
223 fprintf(stderr, "%-20s Use export policy.\n", "-x"); | |
224 fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q"); | 223 fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q"); |
225 fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-
t seconds"); | 224 fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-
t seconds"); |
226 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-
r N"); | 225 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-
r N"); |
227 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); | 226 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); |
228 fprintf(stderr, "%-20s Enable compression.\n", "-z"); | 227 fprintf(stderr, "%-20s Enable compression.\n", "-z"); |
229 fprintf(stderr, "%-20s Enable false start.\n", "-g"); | 228 fprintf(stderr, "%-20s Enable false start.\n", "-g"); |
230 fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n",
"-T"); | 229 fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n",
"-T"); |
231 fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n"
, "-U"); | 230 fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n"
, "-U"); |
232 fprintf(stderr, "%-20s Enable the extended master secret extension (session
hash).\n", "-G"); | 231 fprintf(stderr, "%-20s Enable the extended master secret extension (session
hash).\n", "-G"); |
233 fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n" | 232 fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n" |
(...skipping 25 matching lines...) Expand all Loading... |
259 | 258 |
260 static void PrintCipherUsage(const char *progName) | 259 static void PrintCipherUsage(const char *progName) |
261 { | 260 { |
262 PrintUsageHeader(progName); | 261 PrintUsageHeader(progName); |
263 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",· | 262 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",· |
264 "-c ciphers"); | 263 "-c ciphers"); |
265 fprintf(stderr,· | 264 fprintf(stderr,· |
266 "c SSL3 RSA WITH RC4 128 MD5\n" | 265 "c SSL3 RSA WITH RC4 128 MD5\n" |
267 "d SSL3 RSA WITH 3DES EDE CBC SHA\n" | 266 "d SSL3 RSA WITH 3DES EDE CBC SHA\n" |
268 "e SSL3 RSA WITH DES CBC SHA\n" | 267 "e SSL3 RSA WITH DES CBC SHA\n" |
269 "f SSL3 RSA EXPORT WITH RC4 40 MD5\n" | |
270 "g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" | |
271 "i SSL3 RSA WITH NULL MD5\n" | 268 "i SSL3 RSA WITH NULL MD5\n" |
272 "j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" | 269 "j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" |
273 "k SSL3 RSA FIPS WITH DES CBC SHA\n" | 270 "k SSL3 RSA FIPS WITH DES CBC SHA\n" |
274 "l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" | |
275 "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" | |
276 "n SSL3 RSA WITH RC4 128 SHA\n" | 271 "n SSL3 RSA WITH RC4 128 SHA\n" |
277 "o SSL3 DHE DSS WITH RC4 128 SHA\n" | 272 "o SSL3 DHE DSS WITH RC4 128 SHA\n" |
278 "p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n" | 273 "p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n" |
279 "q SSL3 DHE DSS WITH 3DES EDE CBC SHA\n" | 274 "q SSL3 DHE DSS WITH 3DES EDE CBC SHA\n" |
280 "r SSL3 DHE RSA WITH DES CBC SHA\n" | 275 "r SSL3 DHE RSA WITH DES CBC SHA\n" |
281 "s SSL3 DHE DSS WITH DES CBC SHA\n" | 276 "s SSL3 DHE DSS WITH DES CBC SHA\n" |
282 "t SSL3 DHE DSS WITH AES 128 CBC SHA\n" | 277 "t SSL3 DHE DSS WITH AES 128 CBC SHA\n" |
283 "u SSL3 DHE RSA WITH AES 128 CBC SHA\n" | 278 "u SSL3 DHE RSA WITH AES 128 CBC SHA\n" |
284 "v SSL3 RSA WITH AES 128 CBC SHA\n" | 279 "v SSL3 RSA WITH AES 128 CBC SHA\n" |
285 "w SSL3 DHE DSS WITH AES 256 CBC SHA\n" | 280 "w SSL3 DHE DSS WITH AES 256 CBC SHA\n" |
(...skipping 612 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
898 char * tmp; | 893 char * tmp; |
899 int multiplier = 0; | 894 int multiplier = 0; |
900 SECStatus rv; | 895 SECStatus rv; |
901 PRStatus status; | 896 PRStatus status; |
902 PRInt32 filesReady; | 897 PRInt32 filesReady; |
903 int npds; | 898 int npds; |
904 int override = 0; | 899 int override = 0; |
905 SSLVersionRange enabledVersions; | 900 SSLVersionRange enabledVersions; |
906 int bypassPKCS11 = 0; | 901 int bypassPKCS11 = 0; |
907 int disableLocking = 0; | 902 int disableLocking = 0; |
908 int useExportPolicy = 0; | |
909 int enableSessionTickets = 0; | 903 int enableSessionTickets = 0; |
910 int enableCompression = 0; | 904 int enableCompression = 0; |
911 int enableFalseStart = 0; | 905 int enableFalseStart = 0; |
912 int enableCertStatus = 0; | 906 int enableCertStatus = 0; |
913 int enableSignedCertTimestamps = 0; | 907 int enableSignedCertTimestamps = 0; |
914 int forceFallbackSCSV = 0; | 908 int forceFallbackSCSV = 0; |
915 int enableExtendedMasterSecret = 0; | 909 int enableExtendedMasterSecret = 0; |
916 PRSocketOptionData opt; | 910 PRSocketOptionData opt; |
917 PRNetAddr addr; | 911 PRNetAddr addr; |
918 PRPollDesc pollset[2]; | 912 PRPollDesc pollset[2]; |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
954 if (tmp && tmp[0]) { | 948 if (tmp && tmp[0]) { |
955 int sec = PORT_Atoi(tmp); | 949 int sec = PORT_Atoi(tmp); |
956 if (sec > 0) { | 950 if (sec > 0) { |
957 maxInterval = PR_SecondsToInterval(sec); | 951 maxInterval = PR_SecondsToInterval(sec); |
958 } | 952 } |
959 } | 953 } |
960 | 954 |
961 SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); | 955 SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); |
962 | 956 |
963 optstate = PL_CreateOptState(argc, argv, | 957 optstate = PL_CreateOptState(argc, argv, |
964 "46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:u
vw:xz"); | 958 "46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:u
vw:z"); |
965 while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { | 959 while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { |
966 switch (optstate->option) { | 960 switch (optstate->option) { |
967 case '?': | 961 case '?': |
968 default : Usage(progName); break; | 962 default : Usage(progName); break; |
969 | 963 |
970 case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break
; | 964 case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break
; |
971 case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break
; | 965 case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break
; |
972 | 966 |
973 case 'B': bypassPKCS11 = 1; break; | 967 case 'B': bypassPKCS11 = 1; break; |
974 | 968 |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1072 case 'w': | 1066 case 'w': |
1073 pwdata.source = PW_PLAINTEXT; | 1067 pwdata.source = PW_PLAINTEXT; |
1074 pwdata.data = PORT_Strdup(optstate->value); | 1068 pwdata.data = PORT_Strdup(optstate->value); |
1075 break; | 1069 break; |
1076 | 1070 |
1077 case 'W': | 1071 case 'W': |
1078 pwdata.source = PW_FROMFILE; | 1072 pwdata.source = PW_FROMFILE; |
1079 pwdata.data = PORT_Strdup(optstate->value); | 1073 pwdata.data = PORT_Strdup(optstate->value); |
1080 break; | 1074 break; |
1081 | 1075 |
1082 case 'x': useExportPolicy = 1; break; | |
1083 | |
1084 case 'z': enableCompression = 1; break; | 1076 case 'z': enableCompression = 1; break; |
1085 } | 1077 } |
1086 } | 1078 } |
1087 | 1079 |
1088 PL_DestroyOptState(optstate); | 1080 PL_DestroyOptState(optstate); |
1089 | 1081 |
1090 if (optstatus == PL_OPT_BAD) | 1082 if (optstatus == PL_OPT_BAD) |
1091 Usage(progName); | 1083 Usage(progName); |
1092 | 1084 |
1093 if (!host || !portno) { | 1085 if (!host || !portno) { |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1218 } | 1210 } |
1219 } | 1211 } |
1220 | 1212 |
1221 if (loadDefaultRootCAs) { | 1213 if (loadDefaultRootCAs) { |
1222 SECMOD_AddNewModule("Builtins", | 1214 SECMOD_AddNewModule("Builtins", |
1223 DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); | 1215 DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); |
1224 } else if (rootModule) { | 1216 } else if (rootModule) { |
1225 SECMOD_AddNewModule("Builtins", rootModule, 0, 0); | 1217 SECMOD_AddNewModule("Builtins", rootModule, 0, 0); |
1226 } | 1218 } |
1227 | 1219 |
1228 /* set the policy bits true for all the cipher suites. */ | |
1229 if (useExportPolicy) | |
1230 NSS_SetExportPolicy(); | |
1231 else | |
1232 NSS_SetDomesticPolicy(); | |
1233 | |
1234 /* all SSL3 cipher suites are enabled by default. */ | 1220 /* all SSL3 cipher suites are enabled by default. */ |
1235 if (cipherString) { | 1221 if (cipherString) { |
1236 /* disable all the ciphers, then enable the ones we want. */ | 1222 /* disable all the ciphers, then enable the ones we want. */ |
1237 disableAllSSLCiphers(); | 1223 disableAllSSLCiphers(); |
1238 } | 1224 } |
1239 | 1225 |
1240 /* Create socket */ | 1226 /* Create socket */ |
1241 s = PR_OpenTCPSocket(addr.raw.family); | 1227 s = PR_OpenTCPSocket(addr.raw.family); |
1242 if (s == NULL) { | 1228 if (s == NULL) { |
1243 SECU_PrintError(progName, "error creating socket"); | 1229 SECU_PrintError(progName, "error creating socket"); |
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1643 PR_Close(s); | 1629 PR_Close(s); |
1644 SSL_ClearSessionCache(); | 1630 SSL_ClearSessionCache(); |
1645 if (NSS_Shutdown() != SECSuccess) { | 1631 if (NSS_Shutdown() != SECSuccess) { |
1646 exit(1); | 1632 exit(1); |
1647 } | 1633 } |
1648 | 1634 |
1649 FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error); | 1635 FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error); |
1650 PR_Cleanup(); | 1636 PR_Cleanup(); |
1651 return error; | 1637 return error; |
1652 } | 1638 } |
OLD | NEW |