author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-04 15:35:25 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-04 16:16:14 +0200 |
commit | a308e87dea4067fd3166a4b9b5c4c36b3b3cafa0 (patch) | |
tree | 9876d67c05bef75178eea53864b220717e4f6302 | |
parent | e62eddfdc8ac82ddb96a3dfcd6011441039daca2 (diff) | |
download | gnutls-a308e87dea4067fd3166a4b9b5c4c36b3b3cafa0.tar.gz |
gnutls-serv: added the --alpn and --alpn-fatal options
This allows specifying the ALPN protocols supported by the server, which
makes it possible to test ALPN negotiation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/serv-args.def | 16 | ||||
-rw-r--r-- | src/serv.c | 25 |
2 files changed, 41 insertions, 0 deletions
diff --git a/src/serv-args.def b/src/serv-args.def
index 0e13cbf140..f5b7f9c6a0 100644
--- a/src/serv-args.def
+++ b/src/serv-args.def
@@ -22,6 +22,21 @@ flag = {
 };
 flag = {
+ name = alpn;
+ arg-type = string;
+ descrip = "Specify ALPN protocol to be enabled by the server";
+ doc = "Specify the (textual) ALPN protocol for the server to use.";
+ stack-arg;
+ max = NOLIMIT;
+};
+
+flag = {
+ name = alpn-fatal;
+ descrip = "Send fatal alert on non-matching ALPN name";
+ doc = "";
+};
+
+flag = {
 name = noticket;
 descrip = "Don't accept session tickets";
 doc = "";
@@ -159,6 +174,7 @@ flag = {
 deprecated;
 };
+
 flag = {
 name = x509keyfile;
 arg-type = string;
diff --git a/src/serv.c b/src/serv.c
index 63138a509e..ef71b47737 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1,6 +1,7 @@
 /*
 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
 * Copyright (C) 2001,2002 Paul Sheer
+ * Copyright (C) 2016-2017 Red Hat, Inc.
 * Portions Copyright (C) 2002,2003 Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
@@ -78,6 +79,9 @@ const char *status_response_ocsp = NULL;
 const char *sni_hostname = NULL;
 int sni_hostname_fatal = 0;
+const char **alpn_protos = NULL;
+unsigned alpn_protos_size = 0;
+
 gnutls_datum_t session_ticket_key;
 static void tcp_server(const char *name, int port);
@@ -359,11 +363,15 @@ end:
 return ret;
 }
+#define MAX_ALPN_PROTOCOLS 16
 gnutls_session_t initialize_session(int dtls)
 {
 gnutls_session_t session;
 int ret;
+ unsigned i;
 const char *err;
+ gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS];
+ unsigned alpn_size;
 if (priorities == NULL)
 priorities = "NORMAL";
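Review bot: The new alpn-fatal flag is declared with `doc = "";`, so the generated manual and long help describe the option only through its one-line descrip, and a reader cannot tell what "fatal" means for the handshake or how it interacts with --alpn. Something like `doc = "If the client offers ALPN protocols and none of them matches a protocol given with --alpn, abort the handshake with a fatal alert instead of continuing without ALPN.";` would close that gap, worded to match what GNUTLS_ALPN_MANDATORY actually does. The alpn flag's doc could likewise say that the option may be repeated, since `stack-arg` and `max = NOLIMIT` allow it, and that the server picks the first offered protocol it finds in that list if that is the library's behaviour.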
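Review bot: `+#define MAX_ALPN_PROTOCOLS 16` is wedged between the closing brace of the previous function and the `initialize_session` definition with no blank line and no comment, which is how it will read to anyone who later wonders why a --alpn list is cut short. The same patch adds `alpn_protos` and `alpn_protos_size` to the file-scope globals earlier in serv.c; defining the limit next to them, with a one-line comment such as `/* upper bound on --alpn values honoured by initialize_session() */`, keeps the constant discoverable from the option wiring in cmd_parser. The rest of initialize_session's new code is in the following hunk.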
@@ -402,6 +410,18 @@ gnutls_session_t initialize_session(int dtls)
 exit(1);
 }
+ alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size);
+ for (i=0;i<alpn_size;i++) {
+ alpn[i].data = (void*)alpn_protos[i];
+ alpn[i].size = strlen(alpn_protos[i]);
+ }
+
+ ret = gnutls_alpn_set_protocols(session, alpn, alpn_size, HAVE_OPT(ALPN_FATAL)?GNUTLS_ALPN_MANDATORY:0);
+ if (ret < 0) {
+ fprintf(stderr, "Error setting ALPN protocols: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
 gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred);
 if (srp_cred != NULL)
@@ -1615,6 +1635,11 @@ static void cmd_parser(int argc, char **argv)
 if (HAVE_OPT(DHPARAMS))
 dh_params_file = OPT_ARG(DHPARAMS);
+ if (HAVE_OPT(ALPN)) {
+ alpn_protos = STACKLST_OPT(ALPN);
+ alpn_protos_size = STACKCT_OPT(ALPN);
+ }
+
 if (HAVE_OPT(X509KEYFILE)) {
 x509_keyfile = STACKLST_OPT(X509KEYFILE);
 x509_keyfile_size = STACKCT_OPT(X509KEYFILE); |
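Review bot: `alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size);` silently discards every --alpn value after the sixteenth, while serv-args.def in the same commit declares the option with `max = NOLIMIT`, so a test run with a long list gets a server that quietly advertises a shorter one with no diagnostic. Rejecting the excess with a message and exit(1), as the hunk already does when gnutls_alpn_set_protocols() fails, keeps the test tool honest; alternatively `max = 16;` in serv-args.def would let the option parser reject it. The call is also made when no --alpn option was given at all (alpn_size == 0), possibly together with GNUTLS_ALPN_MANDATORY when only --alpn-fatal is passed; unless the library treats an empty list as "ALPN not configured", guarding it with `if (alpn_size > 0)` avoids registering an empty mandatory ALPN list. initialize_session continues outside the hunk on both sides.
```c
	/* reject, rather than silently truncate, a list longer than this tool handles */
	if (alpn_protos_size > MAX_ALPN_PROTOCOLS) {
		fprintf(stderr, "At most %d ALPN protocols can be given with --alpn\n", MAX_ALPN_PROTOCOLS);
		exit(1);
	}
	alpn_size = alpn_protos_size;
	/* … unchanged: loop filling alpn[] from alpn_protos … */
	if (alpn_size > 0) {
		ret = gnutls_alpn_set_protocols(session, alpn, alpn_size, HAVE_OPT(ALPN_FATAL)?GNUTLS_ALPN_MANDATORY:0);
		/* … unchanged: error report and exit(1) … */
	}
```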