[1.3 PATCH] Select SSL version on ab command line

[Sander Temme]

The following patch (inline and attached) expands the experimental -s flag to ab to specify the SSL version used for the benchmark run. Valid versions are SSLv2, SSLv3, TLSv1 and ANY in which case the program will use the highest version available. This code is active when httpd is configured with CFLAGS="-DUSE_SSL" and LDFLAGS="-lssl -lcrypto".

Downside: getopt(3) doesn't allow for an optional optarg, so a bare -s no longer works. I could possibly hack around that by scanning the bare argv string but that seems to me like a significant can of worms.

Patch:

Index: src/support/ab.8
===================================================================
--- src/support/ab.8 (revision 122972)
+++ src/support/ab.8 (working copy)
@@ -28,7 +28,7 @@
] [
.B \-i
] [
-.B \-s
+.BI \-s " version"
] [
.BI \-n " requests"
] [
@@ -95,14 +95,15 @@
one or two times the standard deviation apart. And default to the
min/avg/max values. (legacy support).
.TP 12
-.B \-s
+.BI \-s " version"
When compiled in (ab -h will show you) use the SSL protected
.B https
rather than the
.B http
protocol. This feature is experimental and
.B very
-rudimentary. You propably do not want to use it.
+rudimentary. You probably do not want to use it. The version parameter
+can be (SSLv2|SSLv3|TLSv1|ANY).
.TP 12
.B \-k
Enable the HTTP KeepAlive feature; that is, perform multiple requests
Index: src/support/ab.c
===================================================================
--- src/support/ab.c (revision 122972)
+++ src/support/ab.c (working copy)
@@ -1364,7 +1364,8 @@
fprintf(stderr, " -g filename Output collected data to gnuplot format file.\n");
fprintf(stderr, " -e filename Output CSV file with percentages served\n");
#ifdef USE_SSL
- fprintf(stderr, " -s Use httpS instead of HTTP (SSL)\n");
+ fprintf(stderr, " -s version Use httpS instead of HTTP (SSL)\n");
+ fprintf(stderr, " version is (SSLv2|SSLv3|TLSv1|ANY)\n");
#endif
fprintf(stderr, " -h Display usage information (this message)\n");
exit(EINVAL);
@@ -1463,6 +1464,10 @@
{
int c, r, l;
char tmp[1024];
+#ifdef USE_SSL
+ char ssl_err[40];
+ SSL_METHOD *ssl_method;
+#endif
/* table defaults */
tablestring = "";
trstring = "";
@@ -1474,13 +1479,25 @@
optind = 1;
while ((c = getopt(argc, argv, "n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
#ifdef USE_SSL
- "s"
+ "s:"
#endif
)) > 0) {
switch (c) {
#ifdef USE_SSL
case 's':
ssl = 1;
+ if (!strcmp(optarg, "ANY")) {
+ ssl_method = SSLv23_client_method();
+ } else if (!strcmp(optarg, "SSLv2")) {
+ ssl_method = SSLv2_client_method();
+ } else if (!strcmp(optarg, "SSLv3")) {
+ ssl_method = SSLv3_client_method();
+ } else if (!strcmp(optarg, "TLSv1")) {
+ ssl_method = TLSv1_client_method();
+ } else {
+ sprintf(ssl_err, "SSL method %.4s not supported.\n", optarg);
+ err(ssl_err);
+ }
break;
#endif
case 'n':
@@ -1655,7 +1672,7 @@

 #ifdef USE_SSL
     SSL_library_init();
-    if (!(ctx = SSL_CTX_new(SSLv2_client_method()))) {
+    if (!(ctx = SSL_CTX_new(ssl_method))) {
        fprintf(stderr, "Could not init SSL CTX: ");
        ERR_print_errors_fp(stderr);
        exit(1);

Similar patch for Apache 2 ab is forthcoming.

S.

--
[EMAIL PROTECTED]              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

ab.c.patch
Description: Binary data

smime.p7s

Description: S/MIME cryptographic signature