I'm generally opposed to breaking stdout compatibility with the "openssl" command tools because we have no clue what shell scripts and other applications this will break.
With a *very good reason* I think it's ok, but this (I think this looks better) isn't one of them. The "openssl" command is kept the way it is *for compatibility with crap that wants it*. If you truly dislike the output - WRITE A NEW TOOL THAT DOESN'T SUCK ;) On Sat, Sep 15, 2018 at 1:21 PM Scott Cheloha <[email protected]> wrote: > > Bump. > > On Tue, Aug 28, 2018 at 10:33:34AM -0500, Scott Cheloha wrote: > > Two diffs here. > > > > First, move the tally mark printing out of the benchmark loop. > > > > Second, print '0' for TLS 1.0, '1' for TLS 1.1, etc. > > > > This breaks stdout compatibility with OpenSSL s_time, and prior > > versions of s_time in general, because 't' was used for TLS 1.0 > > (behavior change) and '2' was used for SSLv2 (marker collision). > > > > (The choice of a single character as the mark predated any plans > > for a successor to SSL. The choice of 't' predated any plans for > > a revision to TLS.) > > > > I think the utility of distinguishing between the various TLS > > versions at a glance outweighs the value of compatibility with > > older versions of the software. Especially given how haphazard > > the stdout behavior of this code is anyway, I don't think we're > > going to break a zillion scripts. The primary utility of this > > app is interactive testing and eyeballing your performance. > > > > But... if this is unacceptable the alternative is to just print > > 't' for any and all TLS versions. I think this is less useful, > > but one can always use s_client, so it isn't the end of the world. > > > > Thoughts? ok? > > > > PS. Using DTLS to encrypt HTTP isn't a thing, right? It isn't > > useful to check for DTLS1_VERSION from SSL_version(3)? 
> >
> > Diff 1:
> >
> > Index: s_time.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
> > retrieving revision 1.31
> > diff -u -p -r1.31 s_time.c
> > --- s_time.c 28 Aug 2018 14:30:48 -0000 1.31
> > +++ s_time.c 28 Aug 2018 15:13:18 -0000
> > @@ -92,6 +92,7 @@ extern int verify_depth;
> > static void s_time_usage(void);
> > static int run_test(SSL *);
> > static int benchmark(int);
> > +static void print_tally_mark(SSL *);
> >
> > static SSL_CTX *tm_ctx = NULL;
> > static const SSL_METHOD *s_time_meth = NULL;
> > @@ -393,6 +394,24 @@ run_test(SSL *scon)
> > return 1;
> > }
> >
> > +static void
> > +print_tally_mark(SSL *scon)
> > +{
> > + int ver;
> > +
> > + if (SSL_session_reused(scon))
> > + ver = 'r';
> > + else {
> > + ver = SSL_version(scon);
> > + if (ver == TLS1_VERSION)
> > + ver = 't';
> > + else
> > + ver = '*';
> > + }
> > + fputc(ver, stdout);
> > + fflush(stdout);
> > +}
> > +
> > static int
> > benchmark(int reuse_session)
> > {
> > @@ -400,7 +419,6 @@ benchmark(int reuse_session)
> > int nConn = 0;
> > SSL *scon = NULL;
> > int ret = 1;
> > - int ver;
> >
> > if (reuse_session) {
> > /* Get an SSL object so we can reuse the session id */
> > @@ -429,18 +447,7 @@ benchmark(int reuse_session)
> > if (!run_test(scon))
> > goto end;
> > nConn += 1;
> > - if (SSL_session_reused(scon))
> > - ver = 'r';
> > - else {
> > - ver = SSL_version(scon);
> > - if (ver == TLS1_VERSION)
> > - ver = 't';
> > - else
> > - ver = '*';
> > - }
> > - fputc(ver, stdout);
> > - fflush(stdout);
> > -
> > + print_tally_mark(scon);
> > if (!reuse_session) {
> > SSL_free(scon);
> > scon = NULL;
> >
> > Diff 1+2:
> >
> > Index: s_time.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
> > retrieving revision 1.31
> > diff -u -p -r1.31 s_time.c
> > --- s_time.c 28 Aug 2018 14:30:48 -0000 1.31
> > +++ s_time.c 28 Aug 2018 15:15:27 -0000
> > @@ -92,6 +92,7 @@ extern int verify_depth;
> > static void s_time_usage(void);
> > static int run_test(SSL *);
> > static int benchmark(int);
> > +static void print_tally_mark(SSL *);
> >
> > static SSL_CTX *tm_ctx = NULL;
> > static const SSL_METHOD *s_time_meth = NULL;
> > @@ -393,6 +394,33 @@ run_test(SSL *scon)
> > return 1;
> > }
> >
> > +static void
> > +print_tally_mark(SSL *scon)
> > +{
> > + int mark;
> > +
> > + if (SSL_session_reused(scon)) {
> > + mark = 'r';
> > + goto print;
> > + }
> > + switch (SSL_version(scon)) {
> > + case TLS1_VERSION:
> > + mark = '0';
> > + break;
> > + case TLS1_1_VERSION:
> > + mark = '1';
> > + break;
> > + case TLS1_2_VERSION:
> > + mark = '2';
> > + break;
> > + default:
> > + mark = '*';
> > + }
> > + print:
> > + fputc(mark, stdout);
> > + fflush(stdout);
> > +}
> > +
> > static int
> > benchmark(int reuse_session)
> > {
> > @@ -400,7 +428,6 @@ benchmark(int reuse_session)
> > int nConn = 0;
> > SSL *scon = NULL;
> > int ret = 1;
> > - int ver;
> >
> > if (reuse_session) {
> > /* Get an SSL object so we can reuse the session id */
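Review bot: In the "Diff 1+2" version of print_tally_mark() (the `@@ -393,6 +394,33 @@` hunk), the session-reuse check jumps to `print:` before SSL_version() is consulted, so a resumed connection prints 'r' and never shows which protocol version it runs on, and every version outside the three `case` labels collapses into '*'. Since the stated goal is to tell TLS versions apart at a glance, the legend should be documented above the function, e.g. `/* Marks: 'r' = reused session (version not shown), '0'/'1'/'2' = TLS 1.0/1.1/1.2, '*' = any other version. */`. As a style point, the `default:` arm should end with `break;`, and wrapping the switch in the `else` of the reuse check would remove the need for `goto print`.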
> > @@ -429,18 +456,7 @@ benchmark(int reuse_session)
> > if (!run_test(scon))
> > goto end;
> > nConn += 1;
> > - if (SSL_session_reused(scon))
> > - ver = 'r';
> > - else {
> > - ver = SSL_version(scon);
> > - if (ver == TLS1_VERSION)
> > - ver = 't';
> > - else
> > - ver = '*';
> > - }
> > - fputc(ver, stdout);
> > - fflush(stdout);
> > -
> > + print_tally_mark(scon);
> > if (!reuse_session) {
> > SSL_free(scon);
> > scon = NULL;
