[openssl-dev] [PATCH] Do not offer options like -ssl2, -tls1, -dtls if they are not compiled in

Viktor Dukhovni openssl-users at dukhovni.org
Fri Mar 4 02:22:42 UTC 2016


> On Mar 3, 2016, at 8:07 PM, Ángel González <angel at tls.16bits.net> wrote:
> 
> They were shown in the help, but providing them failed with an
> “unknown option” error, and showed the help which listed it
> as a valid option.

The patch is not right.  For example, when TLSv1 is disabled, it is
not the case that TLSv1.1 and TLSv1.2 are disabled.  Secondly, disabled
features should report that the feature is disabled, not a bad usage
message, as would be the case with a mistyped option.

> Patch against the stable 1.0.2 branch.
> 
>  apps/s_client.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/apps/s_client.c b/apps/s_client.c
> index 0c1102b..f68c581 100644
> --- a/apps/s_client.c
> +++ b/apps/s_client.c
> @@ -376,16 +376,22 @@ static void sc_usage(void)
>                 " -srp_strength int - minimal length in bits for N
> (default %d).\n",
>                 SRP_MINIMAL_N);
>  #endif
> +#ifndef OPENSSL_NO_SSL2
>      BIO_printf(bio_err, " -ssl2         - just use SSLv2\n");
> +#endif
>  #ifndef OPENSSL_NO_SSL3_METHOD
>      BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
>  #endif
> +#ifndef OPENSSL_NO_TLS1
>      BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
>      BIO_printf(bio_err, " -tls1_1       - just use TLSv1.1\n");
>      BIO_printf(bio_err, " -tls1         - just use TLSv1\n");
> +#endif
> +#ifndef OPENSSL_NO_DTLS1
>      BIO_printf(bio_err, " -dtls1        - just use DTLSv1\n");
> -    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
>      BIO_printf(bio_err, " -mtu          - set the link layer MTU\n");
> +#endif
> +    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
>      BIO_printf(bio_err,
>                 " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 -
> turn off that protocol\n");
>      BIO_printf(bio_err,
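
Review bot: The new #ifndef OPENSSL_NO_TLS1 guard wraps the -tls1_2 and -tls1_1 help lines together with -tls1, so a build with only TLSv1 compiled out would also stop listing the two newer versions. Move the #ifndef down so it sits directly above the -tls1 line and covers only that line, leaving -tls1_2 and -tls1_1 outside it. Separately, the string literals at the top and bottom of the hunk ("(default %d)" and "turn off that protocol") have been wrapped onto a second line by the mailer, so the patch will not apply as sent; resend it with line wrapping off or as an attachment.
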
> -- 
> 2.7.2

-- 
	Viktor.


