SSL programs: improve command-line error reporting
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)
Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 3328e74..f5223fb 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -438,7 +438,7 @@
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
- " acceptable ciphersuite names:\n"
+ "\n"
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@@ -839,34 +839,54 @@
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
+ p = q = NULL;
if (argc < 1) {
usage:
+ if (p != NULL && q != NULL) {
+ printf("unrecognized value for '%s': '%s'\n", p, q);
+ } else if (p != NULL && q == NULL) {
+ printf("unrecognized param: '%s'\n", p);
+ }
+
+ mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
+ mbedtls_printf(" ssl_client2 help[_theme]\n");
+ mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
+ mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
+ mbedtls_printf("\n");
+
if (ret == 0) {
ret = 1;
}
-
- mbedtls_printf(USAGE1);
- mbedtls_printf(USAGE2);
- mbedtls_printf(USAGE3);
- mbedtls_printf(USAGE4);
-
- list = mbedtls_ssl_list_ciphersuites();
- while (*list) {
- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- if (!*list) {
- break;
- }
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- }
- mbedtls_printf("\n");
goto exit;
}
for (i = 1; i < argc; i++) {
p = argv[i];
+
+ if (strcmp(p, "help") == 0) {
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
+
+ ret = 0;
+ goto exit;
+ }
+ if (strcmp(p, "help_ciphersuites") == 0) {
+ mbedtls_printf(" acceptable ciphersuite names:\n");
+ for (list = mbedtls_ssl_list_ciphersuites();
+ *list != 0;
+ list++) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ }
+
+ ret = 0;
+ goto exit;
+ }
+
if ((q = strchr(p, '=')) == NULL) {
+ mbedtls_printf("param requires a value: '%s'\n", p);
+ p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@@ -1226,9 +1246,13 @@
} else if (strcmp(p, "mki") == 0) {
opt.mki = q;
} else {
+ /* This signals that the problem is with p not q */
+ q = NULL;
goto usage;
}
}
+ /* This signals that any further errors are not with a single option */
+ p = q = NULL;
if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");