Add max_frag_len option in ssl_server2
Also reformat code and output more information in ssl_client2
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ab2a87f..d5ebb81 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -68,11 +68,15 @@
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
+#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
-#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
+#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
* packets (for fragmentation purposes) */
@@ -100,6 +104,7 @@
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -154,6 +159,8 @@
" options: ssl3, tls1, tls1_1, tls1_2\n" \
" auth_mode=%%s default: \"optional\"\n" \
" options: none, optional, required\n" \
+ " max_frag_len=%%d default: 16384 (tls default)" \
+ " options: 512, 1024, 2048, 4096" \
USAGE_PSK \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
@@ -175,7 +182,7 @@
#else
int main( int argc, char *argv[] )
{
- int ret = 0, len, written;
+ int ret = 0, len, written, frags;
int listen_fd;
int client_fd = -1;
unsigned char buf[1024];
@@ -257,6 +264,7 @@
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
for( i = 1; i < argc; i++ )
{
@@ -375,6 +383,19 @@
else
goto usage;
}
+ else if( strcmp( p, "max_frag_len" ) == 0 )
+ {
+ if( strcmp( q, "512" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_512;
+ else if( strcmp( q, "1024" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
+ else if( strcmp( q, "2048" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
+ else if( strcmp( q, "4096" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
+ else
+ goto usage;
+ }
else
goto usage;
}
@@ -569,6 +590,8 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, opt.auth_mode );
+ ssl_set_max_frag_len( &ssl, opt.mfl_code );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
@@ -774,7 +797,7 @@
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
- for( written = 0; written < len; written += ret )
+ for( written = 0, frags = 0; written < len; written += ret, frags++ )
{
while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
{
@@ -793,7 +816,7 @@
}
buf[written] = '\0';
- printf( " %d bytes written\n\n%s\n", written, (char *) buf );
+ printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
ret = 0;
goto reset;