[openssl.org #2611] [PATCH] Support of TLSv1 in s_time

Fri, 23 Sep 2011 02:07:56 -0700 

Hi!

When OpenSSL is compiled with SSLv2  disabled, s_time is not able to use
TLSv1 any  more because it  uses SSLv3_client_method(). This  patch just
adds a "-tls1" switch to s_time, like s_client, to enable TLSv1.

I think  a better way would  be tu use  SSLv23_client_method() even when
SSLv2   is   disabled   at   compile   time  because   in   this   case,
SSLv23_client_method() will use SSLv3  or TLSv1. However, since s_client
also  uses SSLv3_client_method() by  default when  SSLv2 is  disabled at
compile time, I have kept this semantic.



diff -Naur openssl-1.0.0e/apps/s_time.c openssl-1.0.0e-new/apps/s_time.c
--- openssl-1.0.0e/apps/s_time.c	2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.0e-new/apps/s_time.c	2011-09-21 07:22:47.401412464 +0200
@@ -188,6 +188,7 @@
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
 	printf("-ssl3         - Just use SSLv3\n");
+	printf("-tls1         - just use TLSv1\n");
 	printf("-bugs         - Turn on SSL bug compatibility\n");
 	printf("-new          - Just time new connections\n");
 	printf("-reuse        - Just time connection reuse\n");
@@ -290,6 +291,10 @@
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
+#ifndef OPENSSL_NO_TLS1
+	else if	(strcmp(*argv,"-tls1") == 0)
+	    s_time_meth=TLSv1_client_method();
+#endif
 	else if( strcmp(*argv,"-time") == 0) {
 
 	    if (--argc < 1) goto bad;
diff -Naur openssl-1.0.0e/doc/apps/s_time.pod openssl-1.0.0e-new/doc/apps/s_time.pod
--- openssl-1.0.0e/doc/apps/s_time.pod	2004-01-08 08:38:15.000000000 +0100
+++ openssl-1.0.0e-new/doc/apps/s_time.pod	2011-09-21 07:28:33.773554931 +0200
@@ -19,6 +19,7 @@
 [B<-verify depth>]
 [B<-nbio>]
 [B<-time seconds>]
+[B<-tls1>]
 [B<-ssl2>]
 [B<-ssl3>]
 [B<-bugs>]
@@ -92,7 +93,7 @@
 
 turns on non-blocking I/O.
 
-=item B<-ssl2>, B<-ssl3>
+=item B<-tls1>, B<-ssl2>, B<-ssl3>
 
 these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all

-- 
Vincent Bernat ? http://vincent.bernat.im

printk("HPFS: Grrrr... Kernel memory corrupted ... going on, but 
        it'll crash very soon :-(\n");
        2.4.3 linux/fs/hpfs/super.c

Reply via email to