On Dec 21, 2004, at 11:21 AM, William A. Rowe, Jr. wrote:
Can we use a separate flag to specific protocol version?
To address both your and André's response, yes we can. I even found an unused letter that makes sense: -m for 'method'. And yes, I'll do a 2.1 patch. The reason my personal itch was with the 1.3 ab is that it defaults to SSLv2 and my company's product doesn't support SSLv2.
Here's a new 1.3 patch (also attached for line-wrappy goodness):
Index: src/support/ab.8
===================================================================
--- src/support/ab.8 (revision 122972)
+++ src/support/ab.8 (working copy)
@@ -30,6 +30,8 @@
] [
.B \-s
] [
+.BI \-m " version"
+] [
.BI \-n " requests"
] [
.BI \-t " timelimit"
@@ -102,11 +104,19 @@
.B http
protocol. This feature is experimental and
.B very
-rudimentary. You propably do not want to use it.
+rudimentary. You probably do not want to use it.
.TP 12
+.BI \-m " version"
+SSL version to use.
+.B Version
+can be SSLv2, SSLv3 or TLSv1. To be used together with
+.B \-s
+option. Default is highest available version.
+.TP 12
.B \-k
Enable the HTTP KeepAlive feature; that is, perform multiple requests
within one HTTP session. Default is no KeepAlive.
+.TP 12
.B \-i
Use an HTTP 'HEAD' instead of the GET method. Cannot be mixed with POST.
.TP 12
Index: src/support/ab.c
===================================================================
--- src/support/ab.c (revision 122972)
+++ src/support/ab.c (working copy)
@@ -1365,6 +1365,9 @@
fprintf(stderr, " -e filename Output CSV file with percentages served\n");
#ifdef USE_SSL
fprintf(stderr, " -s Use httpS instead of HTTP (SSL)\n");
+ fprintf(stderr, " -m version SSL version is (SSLv2|SSLv3|TLSv1)\n");
+ fprintf(stderr, " If not specified, use highest available.\n");
+ fprintf(stderr, " Use this option together with -s.\n");
#endif
fprintf(stderr, " -h Display usage information (this message)\n");
exit(EINVAL);
@@ -1463,6 +1466,9 @@
{
int c, r, l;
char tmp[1024];
+#ifdef USE_SSL
+ SSL_METHOD *ssl_method = NULL;
+#endif
/* table defaults */
tablestring = "";
trstring = "";
@@ -1474,13 +1480,30 @@
optind = 1;
while ((c = getopt(argc, argv, "n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
#ifdef USE_SSL
- "s"
+ "sm:"
#endif
)) > 0) {
switch (c) {
#ifdef USE_SSL
case 's':
ssl = 1;
+ if (ssl_method == NULL) {
+ ssl_method = SSLv23_client_method();
+ }
+ break;
+ case 'm':
+ ssl = 1;
+ if (!strcmp(optarg, "SSLv2")) {
+ ssl_method = SSLv2_client_method();
+ } else if (!strcmp(optarg, "SSLv3")) {
+ ssl_method = SSLv3_client_method();
+ } else if (!strcmp(optarg, "TLSv1")) {
+ ssl_method = TLSv1_client_method();
+ } else {
+ fprintf(stderr, "SSL method %s not supported. Defaulting to highest "
+ "supported version.\n", optarg);
+ ssl_method = SSLv23_client_method();
+ }
break;
#endif
case 'n':
@@ -1655,7 +1678,7 @@
#ifdef USE_SSL
SSL_library_init();
- if (!(ctx = SSL_CTX_new(SSLv2_client_method()))) {
+ if (!(ctx = SSL_CTX_new(ssl_method))) {
fprintf(stderr, "Could not init SSL CTX: ");
ERR_print_errors_fp(stderr);
exit(1);-- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
