Two diffs here.
First, move the tally mark printing out of the benchmark loop.
Second, print '0' for TLS 1.0, '1' for TLS 1.1, etc.
This breaks stdout compatibility with OpenSSL s_time, and prior
versions of s_time in general, because 't' was used for TLS 1.0
(behavior change) and '2' was used for SSLv2 (marker collision).
(The choice of a single character as the mark predated any plans
for a successor to SSL. The choice of 't' predated any plans for
a revision to TLS.)
I think the utility of distinguishing between the various TLS
versions at a glance outweighs the value of compatibility with
older versions of the software. Especially given how haphazard
the stdout behavior of this code is anyway, I don't think we're
going to break a zillion scripts. The primary utility of this
app is interactive testing and eyeballing your performance.
But... if this is unacceptable the alternative is to just print
't' for any and all TLS versions. I think this is less useful,
but one can always use s_client, so it isn't the end of the world.
Thoughts? ok?
PS. Using DTLS to encrypt HTTP isn't a thing, right? It isn't
useful to check for DTLS1_VERSION from SSL_version(3)?
Diff 1:
Index: s_time.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
retrieving revision 1.31
diff -u -p -r1.31 s_time.c
--- s_time.c 28 Aug 2018 14:30:48 -0000 1.31
+++ s_time.c 28 Aug 2018 15:13:18 -0000
@@ -92,6 +92,7 @@ extern int verify_depth;
static void s_time_usage(void);
static int run_test(SSL *);
static int benchmark(int);
+static void print_tally_mark(SSL *);
static SSL_CTX *tm_ctx = NULL;
static const SSL_METHOD *s_time_meth = NULL;
@@ -393,6 +394,24 @@ run_test(SSL *scon)
return 1;
}
+static void
+print_tally_mark(SSL *scon)
+{
+ int ver;
+
+ if (SSL_session_reused(scon))
+ ver = 'r';
+ else {
+ ver = SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver = 't';
+ else
+ ver = '*';
+ }
+ fputc(ver, stdout);
+ fflush(stdout);
+}
+
static int
benchmark(int reuse_session)
{
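Review bot: print_tally_mark() is added with no comment saying what each mark means, and the local `ver` first holds the value of SSL_version() and is then overwritten with the character to print. A one-line comment above the function would record the legend, for example `/* Tally marks: 'r' = session reused, 't' = TLS 1.0, '*' = any other version. */`, and naming the variable for what is printed would make the two roles easier to follow. The same missing legend applies to the version of this function in the combined diff further down, where the marks become '0', '1' and '2'. The trailing context lines are the opening of benchmark(), whose body continues outside this hunk.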
@@ -400,7 +419,6 @@ benchmark(int reuse_session)
int nConn = 0;
SSL *scon = NULL;
int ret = 1;
- int ver;
if (reuse_session) {
/* Get an SSL object so we can reuse the session id */
@@ -429,18 +447,7 @@ benchmark(int reuse_session)
if (!run_test(scon))
goto end;
nConn += 1;
- if (SSL_session_reused(scon))
- ver = 'r';
- else {
- ver = SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver = 't';
- else
- ver = '*';
- }
- fputc(ver, stdout);
- fflush(stdout);
-
+ print_tally_mark(scon);
if (!reuse_session) {
SSL_free(scon);
scon = NULL;
Diff 1+2:
Index: s_time.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
retrieving revision 1.31
diff -u -p -r1.31 s_time.c
--- s_time.c 28 Aug 2018 14:30:48 -0000 1.31
+++ s_time.c 28 Aug 2018 15:15:27 -0000
@@ -92,6 +92,7 @@ extern int verify_depth;
static void s_time_usage(void);
static int run_test(SSL *);
static int benchmark(int);
+static void print_tally_mark(SSL *);
static SSL_CTX *tm_ctx = NULL;
static const SSL_METHOD *s_time_meth = NULL;
@@ -393,6 +394,33 @@ run_test(SSL *scon)
return 1;
}
+static void
+print_tally_mark(SSL *scon)
+{
+ int mark;
+
+ if (SSL_session_reused(scon)) {
+ mark = 'r';
+ goto print;
+ }
+ switch (SSL_version(scon)) {
+ case TLS1_VERSION:
+ mark = '0';
+ break;
+ case TLS1_1_VERSION:
+ mark = '1';
+ break;
+ case TLS1_2_VERSION:
+ mark = '2';
+ break;
+ default:
+ mark = '*';
+ }
+ print:
+ fputc(mark, stdout);
+ fflush(stdout);
+}
+
static int
benchmark(int reuse_session)
{
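Review bot: The `default:` arm of the switch in print_tally_mark() prints '*' for every value of SSL_version() other than the three TLS constants listed, so a connection that negotiated something older than TLS 1.0 looks the same as one that negotiated something newer than TLS 1.2. For a tool whose output is read at a glance to confirm which protocol a server accepted, that is the case worth separating, or at least stating in a comment such as `/* '*' = any version not listed above, older or newer */`. Separately, the `goto print` and its label can be dropped by making the switch the `else` branch of the `SSL_session_reused(scon)` test, and the `default:` arm would read more consistently with a closing `break;`. The hunk ends in the opening of benchmark(), whose body continues outside it.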
@@ -400,7 +428,6 @@ benchmark(int reuse_session)
int nConn = 0;
SSL *scon = NULL;
int ret = 1;
- int ver;
if (reuse_session) {
/* Get an SSL object so we can reuse the session id */
@@ -429,18 +456,7 @@ benchmark(int reuse_session)
if (!run_test(scon))
goto end;
nConn += 1;
- if (SSL_session_reused(scon))
- ver = 'r';
- else {
- ver = SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver = 't';
- else
- ver = '*';
- }
- fputc(ver, stdout);
- fflush(stdout);
-
+ print_tally_mark(scon);
if (!reuse_session) {
SSL_free(scon);
scon = NULL;