149
150
suite.effectiveKeyBits, suite.symCipherName,
150
151
suite.macBits, suite.macAlgorithmName);
152
"tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n",
153
"tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
154
" Compression: %s\n",
153
155
channel.authKeyBits, suite.authAlgorithmName,
154
channel.keaKeyBits, suite.keaTypeName);
156
channel.keaKeyBits, suite.keaTypeName,
157
channel.compressionMethodName);
157
160
cert = SSL_RevealCert(fd);
180
183
handshakeCallback(PRFileDesc *fd, void *client_data)
185
const char *secondHandshakeName = (char *)client_data;
186
if (secondHandshakeName) {
187
SSL_SetURL(fd, secondHandshakeName);
182
189
printSecurityInfo(fd);
183
if (renegotiate > 0) {
185
SSL_ReHandshake(fd, PR_FALSE);
190
if (renegotiationsDone < renegotiationsToDo) {
191
SSL_ReHandshake(fd, (renegotiationsToDo < 2));
192
++renegotiationsDone;
189
196
static void Usage(const char *progName)
192
"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n"
193
" [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName);
199
"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
200
"[-d certdir] [-n nickname] [-23BTafosvx] [-c ciphers]\n"
201
"[-r N] [-w passwd] [-W pwfile] [-q]\n", progName);
202
fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
203
"%-20s handshake, 2nd_hs_name - at second handshake.\n"
204
"%-20s Defualt is host from the -h argument.\n", "-a name",
194
206
fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
195
207
fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
210
222
fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
211
223
fprintf(stderr, "%-20s Use export policy.\n", "-x");
212
224
fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
213
fprintf(stderr, "%-20s Renegotiate with session resumption.\n", "-r");
225
fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
214
226
fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
227
fprintf(stderr, "%-20s Enable compression.\n", "-z");
215
228
fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
262
275
disableAllSSLCiphers(void)
264
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
265
int i = SSL_NumImplementedCiphers;
277
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
278
int i = SSL_GetNumImplementedCiphers();
268
281
/* disable all the SSL3 cipher suites */
537
optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
553
optstate = PL_CreateOptState(argc, argv,
554
"23BSTW:a:c:d:fh:m:n:op:qr:suvw:xz");
538
555
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
539
556
switch (optstate->option) {
547
564
case 'B': bypassPKCS11 = 1; break;
566
case 'S': skipProtoHeader = PR_TRUE; break;
549
568
case 'T': disableTLS = 1; break;
551
case 'S': skipProtoHeader = PR_TRUE; break;
570
case 'a': if (!hs1SniHostName) {
571
hs1SniHostName = PORT_Strdup(optstate->value);
572
} else if (!hs2SniHostName) {
573
hs2SniHostName = PORT_Strdup(optstate->value);
553
579
case 'c': cipherString = PORT_Strdup(optstate->value); break;
581
case 'd': certDir = PORT_Strdup(optstate->value); break;
583
case 'f': clientSpeaksFirst = PR_TRUE; break;
555
585
case 'h': host = PORT_Strdup(optstate->value); break;
557
case 'f': clientSpeaksFirst = PR_TRUE; break;
559
case 'd': certDir = PORT_Strdup(optstate->value); break;
562
588
multiplier = atoi(optstate->value);
563
589
if (multiplier < 0)
860
/* enable compression. */
861
rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
862
if (rv != SECSuccess) {
863
SECU_PrintError(progName, "error enabling compression");
832
867
SSL_SetPKCS11PinArg(s, &pwdata);
834
869
SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
836
871
SSL_BadCertHook(s, ownBadCertHandler, NULL);
838
873
SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
839
SSL_HandshakeCallback(s, handshakeCallback, NULL);
874
SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
875
if (hs1SniHostName) {
876
SSL_SetURL(s, hs1SniHostName);
842
881
/* Try to connect to the server */
843
882
status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);