You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2016/06/30 18:48:40 UTC
svn commit: r1750854 - in /httpd/httpd/trunk: CHANGES support/ab.c
Author: ylavic
Date: Thu Jun 30 18:48:40 2016
New Revision: 1750854
URL: http://svn.apache.org/viewvc?rev=1750854&view=rev
Log:
ab: add SNI support when available.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/ab.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1750854&r1=1750853&r2=1750854&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jun 30 18:48:40 2016
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) ab: Add option -I to use the Server Name Indication (SNI) extension on
+ outgoing TLS connections, according to the Host header (if any) or the
+ requested URL's hostname otherwise. [Yann Ylavic]
+
*) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
[Erki Aring <er...@example.ee>, Stefan Eissing]
Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1750854&r1=1750853&r2=1750854&view=diff
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Thu Jun 30 18:48:40 2016
@@ -194,6 +194,9 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
#ifdef SSL_OP_NO_TLSv1_2
#define HAVE_TLSV1_X
#endif
+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
+#define HAVE_TLSEXT
+#endif
#endif
#include <math.h>
@@ -288,7 +291,8 @@ int keepalive = 0; /* try and do ke
int windowsize = 0; /* we use the OS default window size */
char servername[1024]; /* name that server reports */
char *hostname; /* host name from URL */
-const char *host_field; /* value of "Host:" header field */
+const char *host_field; /* value of "Host:" header field */
+const char *serverhost; /* hostname, or host_field if any and !isproxy */
const char *path; /* path name */
char *postdata; /* *buffer containing data from postfile */
apr_size_t postlen = 0; /* length of data to be POSTed */
@@ -344,6 +348,9 @@ char *ssl_cipher = NULL;
char *ssl_info = NULL;
char *ssl_tmp_key = NULL;
BIO *bio_out,*bio_err;
+#ifdef HAVE_TLSEXT
+int tls_sni = 0;
+#endif
#endif
apr_time_t start, lasttime, stoptime;
@@ -1373,6 +1380,11 @@ static void start_connect(struct connect
BIO_set_callback(bio, ssl_print_cb);
BIO_set_callback_arg(bio, (void *)bio_err);
}
+#ifdef HAVE_TLSEXT
+ if (tls_sni && serverhost) {
+ SSL_set_tlsext_host_name(c->ssl, serverhost);
+ }
+#endif
} else {
c->ssl = NULL;
}
@@ -1739,6 +1751,9 @@ static void test(void)
#ifdef NOT_ASCII
apr_size_t inbytes_left, outbytes_left;
#endif
+#ifdef HAVE_TLSEXT
+ apr_ipsubnet_t *ip;
+#endif
if (isproxy) {
connecthost = apr_pstrdup(cntxt, proxyhost);
@@ -1780,6 +1795,18 @@ static void test(void)
/* Header overridden, no need to add, as it is already in hdrs */
}
+ if (!opt_host || isproxy) {
+ /* try to use it as SNI if the option is set */
+ serverhost = host_field;
+ }
+#ifdef HAVE_TLSEXT
+ if (tls_sni && serverhost &&
+ /* IP not allowed in TLS SNI extension */
+ apr_ipsubnet_create(&ip, serverhost, NULL, cntxt) == APR_SUCCESS) {
+ tls_sni = 0;
+ }
+#endif
+
if (!opt_useragent) {
/* User-Agent: header not overridden, add default value to hdrs */
hdrs = apr_pstrcat(cntxt, hdrs, "User-Agent: ApacheBench/", AP_AB_BASEREVISION, "\r\n", NULL);
@@ -2084,6 +2111,9 @@ static void usage(const char *progname)
#define TLS1_X_HELP_MSG ""
#endif
+#ifdef HAVE_TLSEXT
+ fprintf(stderr, " -I Use TLS Server Name Indication (SNI) extension\n");
+#endif
fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n");
fprintf(stderr, " -f protocol Specify SSL/TLS protocol\n");
fprintf(stderr, " (" SSL2_HELP_MSG SSL3_HELP_MSG "TLS1" TLS1_X_HELP_MSG " or ALL)\n");
@@ -2255,7 +2285,7 @@ int main(int argc, const char * const ar
myhost = NULL; /* 0.0.0.0 or :: */
apr_getopt_init(&opt, cntxt, argc, argv);
- while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwix:y:z:C:H:P:A:g:X:de:SqB:m:"
+ while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwixI:y:z:C:H:P:A:g:X:de:SqB:m:"
#ifdef USE_SSL
"Z:f:"
#endif
@@ -2374,6 +2404,16 @@ int main(int argc, const char * const ar
* allow override of some of the common headers that ab adds
*/
if (strncasecmp(opt_arg, "Host:", 5) == 0) {
+ char *host;
+ apr_size_t len;
+ opt_arg += 5;
+ while (apr_isspace(*opt_arg))
+ opt_arg++;
+ len = strlen(opt_arg);
+ host = strdup(opt_arg);
+ while (len && apr_isspace(host[len-1]))
+ host[--len] = '\0';
+ serverhost = host;
opt_host = 1;
} else if (strncasecmp(opt_arg, "Accept:", 7) == 0) {
opt_accept = 1;
@@ -2479,6 +2519,11 @@ int main(int argc, const char * const ar
}
#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
break;
+#ifdef HAVE_TLSEXT
+ case 'I':
+ tls_sni = 1;
+ break;
+#endif
#endif
}
}