ssl_client2: add max_frag_len option

2025-10-30 11:11:12 -04:00 · 2013-07-16 13:39:57 +02:00 · 2013-07-16 13:39:57 +02:00 · 0df6b1f068
commit 0df6b1f068
parent 8b46459ae5
1 changed files with 20 additions and 0 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -57,6 +57,7 @@
 #define DFL_MIN_VERSION         -1
 #define DFL_MAX_VERSION         -1
 #define DFL_AUTH_MODE           SSL_VERIFY_OPTIONAL
+#define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE

 #define GET_REQUEST "GET %s HTTP/1.0\r\n\r\n"

@ -81,6 +82,7 @@ struct options
    int min_version;            /* minimum protocol version accepted        */
    int max_version;            /* maximum protocol version accepted        */
    int auth_mode;              /* verify mode for connection               */
+    unsigned char mfl_code;     /* code for maximum fragment length         */
 } opt;

 static void my_debug( void *ctx, int level, const char *str )
@ -176,6 +178,8 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags )
    "                        options: ssl3, tls1, tls1_1, tls1_2\n" \
    "    auth_mode=%%s        default: \"optional\"\n"          \
    "                        options: none, optional, required\n" \
+    "    max_frag_len=%%d     default: 16384 (tls default)" \
+    "                        options: 512, 1024, 2048, 4096" \
    USAGE_PSK                                               \
    "\n"                                                    \
    "    force_ciphersuite=<name>    default: all enabled\n"\
@ -265,6 +269,7 @@ int main( int argc, char *argv[] )
    opt.min_version         = DFL_MIN_VERSION;
    opt.max_version         = DFL_MAX_VERSION;
    opt.auth_mode           = DFL_AUTH_MODE;
+    opt.mfl_code            = DFL_MFL_CODE;

    for( i = 1; i < argc; i++ )
    {
@ -387,6 +392,19 @@ int main( int argc, char *argv[] )
            else
                goto usage;
        }
+        else if( strcmp( p, "max_frag_len" ) == 0 )
+        {
+            if( strcmp( q, "512" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_512;
+            else if( strcmp( q, "1024" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
+            else if( strcmp( q, "2048" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
+            else if( strcmp( q, "4096" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
+            else
+                goto usage;
+        }
        else
            goto usage;
    }
@ -592,6 +610,8 @@ int main( int argc, char *argv[] )
    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
    ssl_set_authmode( &ssl, opt.auth_mode );

+    ssl_set_max_frag_len( &ssl, opt.mfl_code );
+
    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
    ssl_set_dbg( &ssl, my_debug, stdout );
    ssl_set_bio( &ssl, net_recv, &server_fd,