Add an alpn option to ssl_client2 and ssl_server2
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b5bfaed..d4428f2 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -65,6 +65,7 @@
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
+#define DFL_ALPN_STRING NULL
#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
"-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
@@ -108,6 +109,7 @@
int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */
int tickets; /* enable / disable session tickets */
+ const char *alpn_string; /* ALPN supported protocols */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -248,11 +250,19 @@
#if defined(POLARSSL_TIMING_C)
#define USAGE_TIME \
- " reco_delay=%%d default: 0 seconds\n"
+ " reco_delay=%%d default: 0 seconds\n"
#else
#define USAGE_TIME ""
#endif /* POLARSSL_TIMING_C */
+#if defined(POLARSSL_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* POLARSSL_SSL_ALPN */
+
#define USAGE \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -278,6 +288,7 @@
USAGE_TICKETS \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
+ USAGE_ALPN \
"\n" \
" min_version=%%s default: \"\" (ssl3)\n" \
" max_version=%%s default: \"\" (tls1_2)\n" \
@@ -311,6 +322,9 @@
unsigned char psk[256];
size_t psk_len = 0;
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ const char *alpn_list[10];
+#endif
const char *pers = "ssl_client2";
entropy_context entropy;
@@ -336,6 +350,9 @@
x509_crt_init( &clicert );
pk_init( &pkey );
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ memset( alpn_list, 0, sizeof alpn_list );
+#endif
if( argc == 0 )
{
@@ -383,6 +400,7 @@
opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY;
opt.tickets = DFL_TICKETS;
+ opt.alpn_string = DFL_ALPN_STRING;
for( i = 1; i < argc; i++ )
{
@@ -475,6 +493,10 @@
if( opt.tickets < 0 || opt.tickets > 2 )
goto usage;
}
+ else if( strcmp( p, "alpn" ) == 0 )
+ {
+ opt.alpn_string = q;
+ }
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -635,6 +657,26 @@
}
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
+ {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while( *p != ',' && *p != '\0' )
+ p++;
+ if( *p == ',' )
+ *p++ = '\0';
+ }
+ }
+#endif /* POLARSSL_SSL_ALPN */
+
/*
* 0. Initialize the RNG and the session data
*/
@@ -806,6 +848,11 @@
ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ ssl_set_alpn_protocols( &ssl, alpn_list );
+#endif
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
@@ -878,6 +925,15 @@
printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ const char *alp = ssl_get_alpn_protocol( &ssl );
+ printf( " [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)" );
+ }
+#endif
+
if( opt.reconnect != 0 )
{
printf(" . Saving session for reuse..." );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4e199c3..758188b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -85,6 +85,7 @@
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
#define DFL_SNI NULL
+#define DFL_ALPN_STRING NULL
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -131,6 +132,7 @@
int cache_max; /* max number of session cache entries */
int cache_timeout; /* expiration delay of session cache entries */
char *sni; /* string decribing sni information */
+ const char *alpn_string; /* ALPN supported protocols */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -245,6 +247,14 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* POLARSSL_SSL_ALPN */
+
#define USAGE \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -267,6 +277,7 @@
USAGE_TICKETS \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
+ USAGE_ALPN \
"\n" \
" min_version=%%s default: \"ssl3\"\n" \
" max_version=%%s default: \"tls1_2\"\n" \
@@ -429,6 +440,9 @@
#if defined(POLARSSL_SNI)
sni_entry *sni_info = NULL;
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ const char *alpn_list[10];
+#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[100000];
#endif
@@ -456,6 +470,9 @@
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ memset( alpn_list, 0, sizeof alpn_list );
+#endif
if( argc == 0 )
{
@@ -504,6 +521,7 @@
opt.cache_max = DFL_CACHE_MAX;
opt.cache_timeout = DFL_CACHE_TIMEOUT;
opt.sni = DFL_SNI;
+ opt.alpn_string = DFL_ALPN_STRING;
for( i = 1; i < argc; i++ )
{
@@ -653,6 +671,10 @@
else
goto usage;
}
+ else if( strcmp( p, "alpn" ) == 0 )
+ {
+ opt.alpn_string = q;
+ }
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
@@ -760,6 +782,26 @@
}
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
+ {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while( *p != ',' && *p != '\0' )
+ p++;
+ if( *p == ',' )
+ *p++ = '\0';
+ }
+ }
+#endif /* POLARSSL_SSL_ALPN */
+
/*
* 0. Initialize the RNG and the session data
*/
@@ -974,6 +1016,11 @@
ssl_set_max_frag_len( &ssl, opt.mfl_code );
#endif
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ ssl_set_alpn_protocols( &ssl, alpn_list );
+#endif
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
@@ -1103,6 +1150,15 @@
printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+#if defined(POLARSSL_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ const char *alp = ssl_get_alpn_protocol( &ssl );
+ printf( " [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)" );
+ }
+#endif
+
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 5. Verify the server certificate