You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/02/12 12:21:15 UTC
svn commit: r1445104 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS
support/ab.c
Author: rjung
Date: Tue Feb 12 11:21:15 2013
New Revision: 1445104
URL: http://svn.apache.org/r1445104
Log:
Allow forced setting of TLS1.1 and TLS1.2 protocols with
the -f command-line switch, and adapt the output to more accurately
report what SSL/TLS protocol was negotiated (use SSL_get_version()
instead of SSL_CIPHER_get_version()).
PR: 53916
Backport of r1395225 from trunk resp. r1400946 from 2.4.x
Submitted by: Nicolás Pernas Maradei <nico emutex com>
Reviewed/amended by: kbrand, covener, wrowe
Backported by: kbrand
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/support/ab.c (contents, props changed)
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1395225
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1445104&r1=1445103&r2=1445104&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Feb 12 11:21:15 2013
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.24
+ *) ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
+ to more accurately report the negotiated protocol. PR 53916.
+ [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
+
*) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1445104&r1=1445103&r2=1445104&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Feb 12 11:21:15 2013
@@ -106,12 +106,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
https://issues.apache.org/bugzilla/show_bug.cgi?id=53134#c10
by the patch author)
- * ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
- to more accurately report the negotiated protocol. PR 53916.
- trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1395225
- 2.2.x patch: https://people.apache.org/~kbrand/ab-tlsv1_x-2.2.x.patch
- +1: kbrand, covener, wrowe
-
* modules/ldap/util_ldap.c: Correct erroneous messages
PR: 53402
trunk and 2.4.x: Erroneous message about LDAPSharedCacheSize
Modified: httpd/httpd/branches/2.2.x/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=1445104&r1=1445103&r2=1445104&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/ab.c (original)
+++ httpd/httpd/branches/2.2.x/support/ab.c Tue Feb 12 11:21:15 2013
@@ -200,6 +200,9 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
#else
#define AB_SSL_CIPHER_CONST
#endif
+#ifdef SSL_OP_NO_TLSv1_2
+#define HAVE_TLSV1_X
+#endif
#endif
#include <math.h>
@@ -496,6 +499,8 @@ static int ssl_print_connection_info(BIO
AB_SSL_CIPHER_CONST SSL_CIPHER *c;
int alg_bits,bits;
+ BIO_printf(bio,"Transport Protocol :%s\n", SSL_get_version(ssl));
+
c = SSL_get_current_cipher(ssl);
BIO_printf(bio,"Cipher Suite Protocol :%s\n", SSL_CIPHER_get_version(c));
BIO_printf(bio,"Cipher Suite Name :%s\n",SSL_CIPHER_get_name(c));
@@ -593,7 +598,7 @@ static void ssl_proceed_handshake(struct
ssl_info = malloc(128);
apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
- SSL_CIPHER_get_version(ci),
+ SSL_get_version(c->ssl),
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
}
@@ -1875,12 +1880,22 @@ static void usage(const char *progname)
fprintf(stderr, " -r Don't exit on socket receive errors.\n");
fprintf(stderr, " -h Display usage information (this message)\n");
#ifdef USE_SSL
- fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+
#ifndef OPENSSL_NO_SSL2
- fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+#define SSL2_HELP_MSG "SSL2, "
+#else
+#define SSL2_HELP_MSG ""
+#endif
+
+#ifdef HAVE_TLSV1_X
+#define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2"
#else
- fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n");
+#define TLS1_X_HELP_MSG ""
#endif
+
+ fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+ fprintf(stderr, " -f protocol Specify SSL/TLS protocol\n");
+ fprintf(stderr, " (" SSL2_HELP_MSG "SSL3, TLS1" TLS1_X_HELP_MSG " or ALL)\n");
#endif
exit(EINVAL);
}
@@ -2219,6 +2234,12 @@ int main(int argc, const char * const ar
#endif
} else if (strncasecmp(optarg, "SSL3", 4) == 0) {
meth = SSLv3_client_method();
+#ifdef HAVE_TLSV1_X
+ } else if (strncasecmp(optarg, "TLS1.1", 6) == 0) {
+ meth = TLSv1_1_client_method();
+ } else if (strncasecmp(optarg, "TLS1.2", 6) == 0) {
+ meth = TLSv1_2_client_method();
+#endif
} else if (strncasecmp(optarg, "TLS1", 4) == 0) {
meth = TLSv1_client_method();
}
Propchange: httpd/httpd/branches/2.2.x/support/ab.c
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/support/ab.c:r1395225