← Back to branch summary

~ubuntu-branches/ubuntu/raring/nss/raring-security

« back to all changes in this revision

Viewing changes to mozilla/security/nss/cmd/tstclnt/tstclnt.c

  • Committer: Bazaar Package Importer
  • Author(s): Chris Coulson
  • Date: 2010-03-25 13:46:06 UTC
  • mfrom: (1.1.11 upstream)
  • Revision ID: james.westby@ubuntu.com-20100325134606-bl6liuok2w9l7snv
Tags: 3.12.6-0ubuntu1
* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
  - fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
  - update debian/patches/38_kbsd.patch
  - update debian/patches/38_mips64_build.patch
  - update debian/patches/85_security_load.patch
* Remove patches that are merged upstream
  - delete debian/patches/91_nonexec_stack.patch
  - update debian/patches/series
* Bump nspr dependency to 4.8
  - update debian/control
* Add new symbols for 3.12.6
  - update debian/libnss3-1d.symbols

Show diffs side-by-side

added added

removed removed

Lines of Context:
mozilla/security/nss/cmd/tstclnt/tstclnt.c
122
122
 
123
123
unsigned long __cmp_umuls;
124
124
PRBool verbose;
125
 
int renegotiate = 0;
 
125
int renegotiationsToDo = 0;
 
126
int renegotiationsDone = 0;
126
127
 
127
128
static char *progName;
128
129
 
149
150
               suite.effectiveKeyBits, suite.symCipherName, 
150
151
               suite.macBits, suite.macAlgorithmName);
151
152
            FPRINTF(stderr, 
152
 
            "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n",
 
153
            "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
 
154
            "         Compression: %s\n",
153
155
               channel.authKeyBits, suite.authAlgorithmName,
154
 
               channel.keaKeyBits,  suite.keaTypeName);
 
156
               channel.keaKeyBits,  suite.keaTypeName,
 
157
               channel.compressionMethodName);
155
158
        }
156
159
    }
157
160
    cert = SSL_RevealCert(fd);
179
182
void
180
183
handshakeCallback(PRFileDesc *fd, void *client_data)
181
184
{
 
185
    const char *secondHandshakeName = (char *)client_data;
 
186
    if (secondHandshakeName) {
 
187
        SSL_SetURL(fd, secondHandshakeName);
 
188
    }
182
189
    printSecurityInfo(fd);
183
 
    if (renegotiate > 0) {
184
 
        renegotiate--;
185
 
        SSL_ReHandshake(fd, PR_FALSE);
 
190
    if (renegotiationsDone < renegotiationsToDo) {
 
191
        SSL_ReHandshake(fd, (renegotiationsToDo < 2));
 
192
        ++renegotiationsDone;
186
193
    }
187
194
}
188
195
 
189
196
static void Usage(const char *progName)
190
197
{
191
198
    fprintf(stderr, 
192
 
"Usage:  %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n"
193
 
"                   [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName);
 
199
"Usage:  %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
 
200
                    "[-d certdir] [-n nickname] [-23BTafosvx] [-c ciphers]\n"
 
201
                    "[-r N] [-w passwd] [-W pwfile] [-q]\n", progName);
 
202
    fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
 
203
                    "%-20s handshake, 2nd_hs_name - at second handshake.\n"
 
204
                    "%-20s Defualt is host from the -h argument.\n", "-a name",
 
205
                    "", "");
194
206
    fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
195
207
    fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
196
208
    fprintf(stderr, 
210
222
    fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
211
223
    fprintf(stderr, "%-20s Use export policy.\n", "-x");
212
224
    fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
213
 
    fprintf(stderr, "%-20s Renegotiate with session resumption.\n", "-r");
 
225
    fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
214
226
    fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
 
227
    fprintf(stderr, "%-20s Enable compression.\n", "-z");
215
228
    fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", 
216
229
                    "-c ciphers");
217
230
    fprintf(stderr, 
261
274
void
262
275
disableAllSSLCiphers(void)
263
276
{
264
 
    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
265
 
    int             i            = SSL_NumImplementedCiphers;
 
277
    const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
 
278
    int             i            = SSL_GetNumImplementedCiphers();
266
279
    SECStatus       rv;
267
280
 
268
281
    /* disable all the SSL3 cipher suites */
507
520
    int                disableLocking = 0;
508
521
    int                useExportPolicy = 0;
509
522
    int                enableSessionTickets = 0;
 
523
    int                enableCompression = 0;
510
524
    PRSocketOptionData opt;
511
525
    PRNetAddr          addr;
512
526
    PRPollDesc         pollset[2];
517
531
    int                headerSeparatorPtrnId = 0;
518
532
    int                error = 0;
519
533
    PRUint16           portno = 443;
 
534
    char *             hs1SniHostName = NULL;
 
535
    char *             hs2SniHostName = NULL;
520
536
    PLOptState *optstate;
521
537
    PLOptStatus optstatus;
522
538
    PRStatus prStatus;
534
550
       }
535
551
    }
536
552
 
537
 
    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
 
553
    optstate = PL_CreateOptState(argc, argv,
 
554
                                 "23BSTW:a:c:d:fh:m:n:op:qr:suvw:xz");
538
555
    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
539
556
        switch (optstate->option) {
540
557
          case '?':
546
563
 
547
564
          case 'B': bypassPKCS11 = 1;                   break;
548
565
 
 
566
          case 'S': skipProtoHeader = PR_TRUE;                 break;
 
567
 
549
568
          case 'T': disableTLS  = 1;                    break;
550
569
 
551
 
          case 'S': skipProtoHeader = PR_TRUE;                 break;
 
570
          case 'a': if (!hs1SniHostName) {
 
571
                        hs1SniHostName = PORT_Strdup(optstate->value);
 
572
                    } else if (!hs2SniHostName) {
 
573
                        hs2SniHostName =  PORT_Strdup(optstate->value);
 
574
                    } else {
 
575
                        Usage(progName);
 
576
                    }
 
577
                    break;
552
578
 
553
579
          case 'c': cipherString = PORT_Strdup(optstate->value); break;
554
580
 
 
581
          case 'd': certDir = PORT_Strdup(optstate->value);   break;
 
582
 
 
583
          case 'f': clientSpeaksFirst = PR_TRUE;        break;
 
584
 
555
585
          case 'h': host = PORT_Strdup(optstate->value);        break;
556
586
 
557
 
          case 'f':  clientSpeaksFirst = PR_TRUE;       break;
558
 
 
559
 
          case 'd': certDir = PORT_Strdup(optstate->value);   break;
560
 
 
561
587
          case 'm':
562
588
            multiplier = atoi(optstate->value);
563
589
            if (multiplier < 0)
578
604
 
579
605
          case 'v': verbose++;                          break;
580
606
 
581
 
          case 'r': renegotiate = atoi(optstate->value);        break;
 
607
          case 'r': renegotiationsToDo = atoi(optstate->value); break;
582
608
 
583
609
          case 'w':
584
610
                pwdata.source = PW_PLAINTEXT;
591
617
                break;
592
618
 
593
619
          case 'x': useExportPolicy = 1;                break;
 
620
 
 
621
          case 'z': enableCompression = 1;              break;
594
622
        }
595
623
    }
596
624
 
829
857
        return 1;
830
858
    }
831
859
 
 
860
    /* enable compression. */
 
861
    rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
 
862
    if (rv != SECSuccess) {
 
863
        SECU_PrintError(progName, "error enabling compression");
 
864
        return 1;
 
865
    }
 
866
               
832
867
    SSL_SetPKCS11PinArg(s, &pwdata);
833
868
 
834
869
    SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
836
871
        SSL_BadCertHook(s, ownBadCertHandler, NULL);
837
872
    }
838
873
    SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
839
 
    SSL_HandshakeCallback(s, handshakeCallback, NULL);
840
 
    SSL_SetURL(s, host);
 
874
    SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
 
875
    if (hs1SniHostName) {
 
876
        SSL_SetURL(s, hs1SniHostName);
 
877
    } else {
 
878
        SSL_SetURL(s, host);
 
879
    }
841
880
 
842
881
    /* Try to connect to the server */
843
882
    status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
1045
1084
    }
1046
1085
 
1047
1086
  done:
 
1087
    if (hs1SniHostName) {
 
1088
        PORT_Free(hs1SniHostName);
 
1089
    }
 
1090
    if (hs2SniHostName) {
 
1091
        PORT_Free(hs2SniHostName);
 
1092
    }
1048
1093
    if (nickname) {
1049
1094
        PORT_Free(nickname);
1050
1095
    }