#include "ap_config_auto.h"
#endif
-#if defined(HAVE_SSLC)
-
-/* Libraries for RSA SSL-C */
-#include <rsa.h>
-#include <x509.h>
-#include <pem.h>
-#include <err.h>
-#include <ssl.h>
-#include <r_rand.h>
-#include <sslc.h>
-#define USE_SSL
-#define RSAREF
-#define SK_NUM(x) sk_num(x)
-#define SK_VALUE(x,y) sk_value(x,y)
-typedef STACK X509_STACK_TYPE;
-
-#elif defined(HAVE_OPENSSL)
+#if defined(HAVE_OPENSSL)
-/* Libraries on most systems.. */
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#define SK_VALUE(x,y) sk_X509_value(x,y)
typedef STACK_OF(X509) X509_STACK_TYPE;
+#if defined(_MSC_VER) && !defined(LIBRESSL_VERSION_NUMBER)
+/* The following logic ensures we correctly glue FILE* within one CRT used
+ * by the OpenSSL library build to another CRT used by the ab.exe build.
+ * This became especially problematic with Visual Studio 2015.
+ */
+#include <openssl/applink.c>
+#endif
+
#endif
#if defined(USE_SSL)
#else
#define AB_SSL_CIPHER_CONST
#endif
+#ifdef SSL_OP_NO_TLSv1_2
+#define HAVE_TLSV1_X
+#endif
+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
+#define HAVE_TLSEXT
+#endif
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#endif
#endif
#include <math.h>
STATE_READ
} connect_state_e;
-#define CBUFFSIZE (2048)
+#define CBUFFSIZE (8192)
struct connection {
apr_pool_t *ctx;
apr_interval_time_t time; /* time for connection */
};
-#define ap_min(a,b) ((a)<(b))?(a):(b)
-#define ap_max(a,b) ((a)>(b))?(a):(b)
+#define ap_min(a,b) (((a)<(b))?(a):(b))
+#define ap_max(a,b) (((a)>(b))?(a):(b))
#define ap_round_ms(a) ((apr_time_t)((a) + 500)/1000)
#define ap_double_ms(a) ((double)(a)/1000.0)
#define MAX_CONCURRENCY 20000
int verbosity = 0; /* no verbosity by default */
int recverrok = 0; /* ok to proceed after socket receive errors */
-enum {NO_METH = 0, GET, HEAD, PUT, POST} method = NO_METH;
-const char *method_str[] = {"bug", "GET", "HEAD", "PUT", "POST"};
+enum {NO_METH = 0, GET, HEAD, PUT, POST, CUSTOM_METHOD} method = NO_METH;
+const char *method_str[] = {"bug", "GET", "HEAD", "PUT", "POST", ""};
int send_body = 0; /* non-zero if sending body with request */
int requests = 1; /* Number of requests to make */
int heartbeatres = 100; /* How often do we say we're alive */
int concurrency = 1; /* Number of multiple requests to make */
int percentile = 1; /* Show percentile served */
+int nolength = 0; /* Accept variable document length */
int confidence = 1; /* Show confidence estimator and warnings */
int tlimit = 0; /* time limit in secs */
int keepalive = 0; /* try and do keepalive connections */
int windowsize = 0; /* we use the OS default window size */
char servername[1024]; /* name that server reports */
char *hostname; /* host name from URL */
-char *host_field; /* value of "Host:" header field */
-char *path; /* path name */
-char postfile[1024]; /* name of file containing post data */
+const char *host_field; /* value of "Host:" header field */
+const char *path; /* path name */
char *postdata; /* *buffer containing data from postfile */
apr_size_t postlen = 0; /* length of data to be POSTed */
-char content_type[1024];/* content type to put in POST header */
-char *cookie, /* optional cookie line */
- *auth, /* optional (basic/uuencoded) auhentication */
- *hdrs; /* optional arbitrary headers */
+char *content_type = NULL; /* content type to put in POST header */
+const char *cookie, /* optional cookie line */
+ *auth, /* optional (basic/uuencoded) auhentication */
+ *hdrs; /* optional arbitrary headers */
apr_port_t port; /* port number */
-char proxyhost[1024]; /* proxy host name */
+char *proxyhost = NULL; /* proxy host name */
int proxyport = 0; /* proxy port */
-char *connecthost;
+const char *connecthost;
+const char *myhost;
apr_port_t connectport;
-char *gnuplot; /* GNUplot file */
-char *csvperc; /* CSV Percentile file */
-char url[1024];
-char * fullurl, * colonhost;
+const char *gnuplot; /* GNUplot file */
+const char *csvperc; /* CSV Percentile file */
+const char *fullurl;
+const char *colonhost;
int isproxy = 0;
apr_interval_time_t aprtimeout = apr_time_from_sec(30); /* timeout value */
/* overrides for ab-generated common headers */
-int opt_host = 0; /* was an optional "Host:" header specified? */
+const char *opt_host; /* which optional "Host:" header specified, if any */
int opt_useragent = 0; /* was an optional "User-Agent:" header specified? */
int opt_accept = 0; /* was an optional "Accept:" header specified? */
/*
SSL_CTX *ssl_ctx;
char *ssl_cipher = NULL;
char *ssl_info = NULL;
+char *ssl_cert = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+char *ssl_tmp_key = NULL;
+#endif
BIO *bio_out,*bio_err;
+#ifdef HAVE_TLSEXT
+int tls_use_sni = 1; /* used by default, -I disables it */
+const char *tls_sni = NULL; /* 'opt_host' if any, 'hostname' otherwise */
+#endif
#endif
apr_time_t start, lasttime, stoptime;
/* global request (and its length) */
-char _request[2048];
+char _request[8192];
char *request = _request;
apr_size_t reqlen;
+int requests_initialized = 0;
/* one global throw-away buffer to read stuff into */
char buffer[8192];
apr_pollset_t *readbits;
+apr_sockaddr_t *mysa;
apr_sockaddr_t *destsa;
#ifdef NOT_ASCII
/* simple little function to write an error string and exit */
-static void err(char *s)
+static void err(const char *s)
{
fprintf(stderr, "%s\n", s);
if (done)
/* simple little function to write an APR error string and exit */
-static void apr_err(char *s, apr_status_t rv)
+static void apr_err(const char *s, apr_status_t rv)
{
char buf[120];
exit(rv);
}
+static void *xmalloc(size_t size)
+{
+ void *ret = malloc(size);
+ if (ret == NULL) {
+ fprintf(stderr, "Could not allocate memory (%"
+ APR_SIZE_T_FMT" bytes)\n", size);
+ exit(1);
+ }
+ return ret;
+}
+
+static void *xcalloc(size_t num, size_t size)
+{
+ void *ret = calloc(num, size);
+ if (ret == NULL) {
+ fprintf(stderr, "Could not allocate memory (%"
+ APR_SIZE_T_FMT" bytes)\n", size*num);
+ exit(1);
+ }
+ return ret;
+}
+
+static char *xstrdup(const char *s)
+{
+ char *ret = strdup(s);
+ if (ret == NULL) {
+ fprintf(stderr, "Could not allocate memory (%"
+ APR_SIZE_T_FMT " bytes)\n", strlen(s));
+ exit(1);
+ }
+ return ret;
+}
+
+/*
+ * Similar to standard strstr() but we ignore case in this version.
+ * Copied from ap_strcasestr().
+ */
+static char *xstrcasestr(const char *s1, const char *s2)
+{
+ char *p1, *p2;
+ if (*s2 == '\0') {
+ /* an empty s2 */
+ return((char *)s1);
+ }
+ while(1) {
+ for ( ; (*s1 != '\0') && (apr_tolower(*s1) != apr_tolower(*s2)); s1++);
+ if (*s1 == '\0') {
+ return(NULL);
+ }
+ /* found first character of s2, see if the rest matches */
+ p1 = (char *)s1;
+ p2 = (char *)s2;
+ for (++p1, ++p2; apr_tolower(*p1) == apr_tolower(*p2); ++p1, ++p2) {
+ if (*p1 == '\0') {
+ /* both strings ended together */
+ return((char *)s1);
+ }
+ }
+ if (*p2 == '\0') {
+ /* second string ended, a match */
+ break;
+ }
+ /* didn't find a match here, try starting at next character in s1 */
+ s1++;
+ }
+ return((char *)s1);
+}
+
+/* pool abort function */
+static int abort_on_oom(int retcode)
+{
+ fprintf(stderr, "Could not allocate memory\n");
+ exit(1);
+ /* not reached */
+ return retcode;
+}
+
static void set_polled_events(struct connection *c, apr_int16_t new_reqevents)
{
apr_status_t rv;
static void ssl_rand_seed(void)
{
- int nDone = 0;
int n, l;
time_t t;
pid_t pid;
t = time(NULL);
l = sizeof(time_t);
RAND_seed((unsigned char *)&t, l);
- nDone += l;
/*
* seed in the current process id (usually just 4 bytes)
pid = getpid();
l = sizeof(pid_t);
RAND_seed((unsigned char *)&pid, l);
- nDone += l;
/*
* seed in some current state of the run-time stack (128 bytes)
*/
n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
RAND_seed(stackdata+n, 128);
- nDone += 128;
}
static int ssl_print_connection_info(BIO *bio, SSL *ssl)
AB_SSL_CIPHER_CONST SSL_CIPHER *c;
int alg_bits,bits;
+ BIO_printf(bio,"Transport Protocol :%s\n", SSL_get_version(ssl));
+
c = SSL_get_current_cipher(ssl);
BIO_printf(bio,"Cipher Suite Protocol :%s\n", SSL_CIPHER_get_version(c));
BIO_printf(bio,"Cipher Suite Name :%s\n",SSL_CIPHER_get_name(c));
static void ssl_print_cert_info(BIO *bio, X509 *cert)
{
X509_NAME *dn;
+ EVP_PKEY *pk;
char buf[1024];
BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
BIO_printf(bio,"\n");
+ pk = X509_get_pubkey(cert);
BIO_printf(bio,"Public key is %d bits\n",
- EVP_PKEY_bits(X509_get_pubkey(cert)));
+ EVP_PKEY_bits(pk));
+ EVP_PKEY_free(pk);
dn = X509_get_issuer_name(cert);
X509_NAME_oneline(dn, buf, sizeof(buf));
else
pk_bits = 0; /* Anon DH */
- ssl_info = malloc(128);
+ ssl_info = xmalloc(128);
apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
- SSL_CIPHER_get_version(ci),
+ SSL_get_version(c->ssl),
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (ssl_tmp_key == NULL) {
+ EVP_PKEY *key;
+ if (SSL_get_server_tmp_key(c->ssl, &key)) {
+ ssl_tmp_key = xmalloc(128);
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
+ EVP_PKEY_bits(key));
+ break;
+ case EVP_PKEY_DH:
+ apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
+ EVP_PKEY_bits(key));
+ break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC: {
+ const char *cname = NULL;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+
+ apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
+ cname,
+ EVP_PKEY_bits(key));
+ break;
+ }
+#endif
+ default:
+ apr_snprintf(ssl_tmp_key, 128, "%s %d bits",
+ OBJ_nid2sn(EVP_PKEY_id(key)),
+ EVP_PKEY_bits(key));
+ break;
+ }
+ EVP_PKEY_free(key);
+ }
+ }
+#endif
write_request(c);
do_next = 0;
break;
do_next = 0;
break;
case SSL_ERROR_WANT_WRITE:
- /* Try again */
- do_next = 1;
+ set_polled_events(c, APR_POLLOUT);
+ do_next = 0;
break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_SSL:
static void write_request(struct connection * c)
{
+ if (started >= requests) {
+ return;
+ }
+
do {
apr_time_t tnow;
apr_size_t l = c->rwrite;
c->rwrite = reqlen;
if (send_body)
c->rwrite += postlen;
+ l = c->rwrite;
}
else if (tnow > c->connect + aprtimeout) {
printf("Send request timed out!\n");
#ifdef USE_SSL
if (c->ssl) {
- apr_size_t e_ssl;
- e_ssl = SSL_write(c->ssl,request + c->rwrote, l);
- if (e_ssl != l) {
- BIO_printf(bio_err, "SSL write failed - closing connection\n");
- ERR_print_errors(bio_err);
- close_connection (c);
+ e = SSL_write(c->ssl, request + c->rwrote, l);
+ if (e <= 0) {
+ switch (SSL_get_error(c->ssl, e)) {
+ case SSL_ERROR_WANT_READ:
+ set_polled_events(c, APR_POLLIN);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ set_polled_events(c, APR_POLLOUT);
+ break;
+ default:
+ BIO_printf(bio_err, "SSL write failed - closing connection\n");
+ ERR_print_errors(bio_err);
+ close_connection (c);
+ break;
+ }
return;
}
- l = e_ssl;
- e = APR_SUCCESS;
+ l = e;
}
else
#endif
+ {
e = apr_socket_send(c->aprsock, request + c->rwrote, &l);
-
- if (e != APR_SUCCESS && !APR_STATUS_IS_EAGAIN(e)) {
- epipe++;
- printf("Send request failed!\n");
- close_connection(c);
- return;
+ if (e != APR_SUCCESS && !l) {
+ if (!APR_STATUS_IS_EAGAIN(e)) {
+ epipe++;
+ printf("Send request failed!\n");
+ close_connection(c);
+ }
+ else {
+ set_polled_events(c, APR_POLLOUT);
+ }
+ return;
+ }
}
totalposted += l;
c->rwrote += l;
} while (c->rwrite);
c->endwrite = lasttime = apr_time_now();
+ started++;
set_conn_state(c, STATE_READ);
}
if (is_ssl && ssl_info) {
printf("SSL/TLS Protocol: %s\n", ssl_info);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (is_ssl && ssl_tmp_key) {
+ printf("Server Temp Key: %s\n", ssl_tmp_key);
+ }
+#endif
+#ifdef HAVE_TLSEXT
+ if (is_ssl && tls_sni) {
+ printf("TLS Server Name: %s\n", tls_sni);
+ }
+#endif
#endif
printf("\n");
printf("Document Path: %s\n", path);
- printf("Document Length: %" APR_SIZE_T_FMT " bytes\n", doclen);
+ if (nolength)
+ printf("Document Length: Variable\n");
+ else
+ printf("Document Length: %" APR_SIZE_T_FMT " bytes\n", doclen);
printf("\n");
printf("Concurrency Level: %d\n", concurrency);
printf("Time taken for tests: %.3f seconds\n", timetaken);
if (bad)
printf(" (Connect: %d, Receive: %d, Length: %d, Exceptions: %d)\n",
err_conn, err_recv, err_length, err_except);
- printf("Write errors: %d\n", epipe);
+ if (epipe)
+ printf("Write errors: %d\n", epipe);
if (err_response)
printf("Non-2xx responses: %d\n", err_response);
if (keepalive)
(double) totalread / 1024 / timetaken);
if (send_body) {
printf(" %.2f kb/s sent\n",
- (double) totalposted / timetaken / 1024);
+ (double) totalposted / 1024 / timetaken);
printf(" %.2f kb/s total\n",
- (double) (totalread + totalposted) / timetaken / 1024);
+ (double) (totalread + totalposted) / 1024 / timetaken);
}
}
printf(" min avg max\n");
#define CONF_FMT_STRING "%5" APR_TIME_T_FMT " %5" APR_TIME_T_FMT "%5" APR_TIME_T_FMT "\n"
printf("Connect: " CONF_FMT_STRING, mincon, meancon, maxcon);
- printf("Processing: " CONF_FMT_STRING, mintot - mincon,
- meantot - meancon,
- maxtot - maxcon);
+ printf("Processing: " CONF_FMT_STRING, mind, meand, maxd);
+ printf("Waiting: " CONF_FMT_STRING, minwait, meanwait, maxwait);
printf("Total: " CONF_FMT_STRING, mintot, meantot, maxtot);
#undef CONF_FMT_STRING
}
ap_round_ms(stats[done - 1].time));
else
printf(" %d%% %5" APR_TIME_T_FMT "\n", percs[i],
- ap_round_ms(stats[(int) (done * percs[i] / 100)].time));
+ ap_round_ms(stats[(unsigned long)done * percs[i] / 100].time));
}
}
if (csvperc) {
exit(1);
}
fprintf(out, "" "Percentage served" "," "Time in ms" "\n");
- for (i = 0; i < 100; i++) {
+ for (i = 0; i <= 100; i++) {
double t;
if (i == 0)
t = ap_double_ms(stats[0].time);
else if (i == 100)
t = ap_double_ms(stats[done - 1].time);
else
- t = ap_double_ms(stats[(int) (0.5 + done * i / 100.0)].time);
+ t = ap_double_ms(stats[(unsigned long) (0.5 + (double)done * i / 100.0)].time);
fprintf(out, "%d,%.3f\n", i, t);
}
fclose(out);
printf("<tr %s><th colspan=2 %s>Document Path:</th>"
"<td colspan=2 %s>%s</td></tr>\n",
trstring, tdstring, tdstring, path);
- printf("<tr %s><th colspan=2 %s>Document Length:</th>"
- "<td colspan=2 %s>%" APR_SIZE_T_FMT " bytes</td></tr>\n",
- trstring, tdstring, tdstring, doclen);
+ if (nolength)
+ printf("<tr %s><th colspan=2 %s>Document Length:</th>"
+ "<td colspan=2 %s>Variable</td></tr>\n",
+ trstring, tdstring, tdstring);
+ else
+ printf("<tr %s><th colspan=2 %s>Document Length:</th>"
+ "<td colspan=2 %s>%" APR_SIZE_T_FMT " bytes</td></tr>\n",
+ trstring, tdstring, tdstring, doclen);
printf("<tr %s><th colspan=2 %s>Concurrency Level:</th>"
"<td colspan=2 %s>%d</td></tr>\n",
trstring, tdstring, tdstring, concurrency);
if (timetaken) {
printf("<tr %s><th colspan=2 %s>Requests per second:</th>"
"<td colspan=2 %s>%.2f</td></tr>\n",
- trstring, tdstring, tdstring, (double) done * 1000 / timetaken);
+ trstring, tdstring, tdstring, (double) done / timetaken);
printf("<tr %s><th colspan=2 %s>Transfer rate:</th>"
"<td colspan=2 %s>%.2f kb/s received</td></tr>\n",
- trstring, tdstring, tdstring, (double) totalread / timetaken);
+ trstring, tdstring, tdstring, (double) totalread / 1024 / timetaken);
if (send_body) {
printf("<tr %s><td colspan=2 %s> </td>"
"<td colspan=2 %s>%.2f kb/s sent</td></tr>\n",
trstring, tdstring, tdstring,
- (double) totalposted / timetaken);
+ (double) totalposted / 1024 / timetaken);
printf("<tr %s><td colspan=2 %s> </td>"
"<td colspan=2 %s>%.2f kb/s total</td></tr>\n",
trstring, tdstring, tdstring,
- (double) (totalread + totalposted) / timetaken);
+ (double) (totalread + totalposted) / 1024 / timetaken);
}
}
{
apr_status_t rv;
if (!(started < requests))
- return;
+ return;
c->read = 0;
c->bread = 0;
apr_err("socket", rv);
}
+ if (myhost) {
+ if ((rv = apr_socket_bind(c->aprsock, mysa)) != APR_SUCCESS) {
+ apr_err("bind", rv);
+ }
+ }
+
c->pollfd.desc_type = APR_POLL_SOCKET;
c->pollfd.desc.s = c->aprsock;
c->pollfd.reqevents = 0;
}
if (windowsize != 0) {
- rv = apr_socket_opt_set(c->aprsock, APR_SO_SNDBUF,
+ rv = apr_socket_opt_set(c->aprsock, APR_SO_SNDBUF,
windowsize);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
apr_err("socket send buffer", rv);
}
- rv = apr_socket_opt_set(c->aprsock, APR_SO_RCVBUF,
+ rv = apr_socket_opt_set(c->aprsock, APR_SO_RCVBUF,
windowsize);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
apr_err("socket receive buffer", rv);
ssl_rand_seed();
apr_os_sock_get(&fd, c->aprsock);
bio = BIO_new_socket(fd, BIO_NOCLOSE);
+ BIO_set_nbio(bio, 1);
SSL_set_bio(c->ssl, bio, bio);
SSL_set_connect_state(c->ssl);
if (verbosity >= 4) {
BIO_set_callback(bio, ssl_print_cb);
BIO_set_callback_arg(bio, (void *)bio_err);
}
+#ifdef HAVE_TLSEXT
+ if (tls_sni) {
+ SSL_set_tlsext_host_name(c->ssl, tls_sni);
+ }
+#endif
} else {
c->ssl = NULL;
}
else {
set_conn_state(c, STATE_UNCONNECTED);
apr_socket_close(c->aprsock);
- err_conn++;
- if (bad++ > 10) {
+ if (good == 0 && destsa->next) {
+ destsa = destsa->next;
+ err_conn = 0;
+ }
+ else if (bad++ > 10) {
fprintf(stderr,
"\nTest aborted after 10 failures\n\n");
apr_err("apr_socket_connect()", rv);
}
-
+ else {
+ err_conn++;
+ }
+
start_connect(c);
return;
}
/* connected first time */
set_conn_state(c, STATE_CONNECTED);
- started++;
#ifdef USE_SSL
if (c->ssl) {
ssl_proceed_handshake(c);
/* first time here */
doclen = c->bread;
}
- else if (c->bread != doclen) {
+ else if ((c->bread != doclen) && !nolength) {
bad++;
err_length++;
}
apr_status_t status;
char *part;
char respcode[4]; /* 3 digits and null */
+ int i;
r = sizeof(buffer);
+read_more:
#ifdef USE_SSL
if (c->ssl) {
status = SSL_read(c->ssl, buffer, r);
good++;
close_connection(c);
}
- else if (scode != SSL_ERROR_WANT_WRITE
- && scode != SSL_ERROR_WANT_READ) {
+ else if (scode == SSL_ERROR_SYSCALL
+ && status == 0
+ && c->read != 0) {
+ /* connection closed, but in violation of the protocol, after
+ * some data has already been read; this commonly happens, so
+ * let the length check catch any response errors
+ */
+ good++;
+ close_connection(c);
+ }
+ else if (scode == SSL_ERROR_SYSCALL
+ && c->read == 0
+ && destsa->next
+ && c->state == STATE_CONNECTING
+ && good == 0) {
+ return;
+ }
+ else if (scode == SSL_ERROR_WANT_READ) {
+ set_polled_events(c, APR_POLLIN);
+ }
+ else if (scode == SSL_ERROR_WANT_WRITE) {
+ set_polled_events(c, APR_POLLOUT);
+ }
+ else {
/* some fatal error: */
c->read = 0;
- BIO_printf(bio_err, "SSL read failed - closing connection\n");
+ BIO_printf(bio_err, "SSL read failed (%d) - closing connection\n", scode);
ERR_print_errors(bio_err);
close_connection(c);
}
}
/* catch legitimate fatal apr_socket_recv errors */
else if (status != APR_SUCCESS) {
- err_recv++;
if (recverrok) {
+ err_recv++;
bad++;
close_connection(c);
if (verbosity >= 1) {
fprintf(stderr,"%s: %s (%d)\n", "apr_socket_recv", apr_strerror(status, buf, sizeof buf), status);
}
return;
- } else {
+ } else if (destsa->next && c->state == STATE_CONNECTING
+ && c->read == 0 && good == 0) {
+ return;
+ }
+ else {
+ err_recv++;
apr_err("apr_socket_recv", status);
}
}
* this is first time, extract some interesting info
*/
char *p, *q;
- p = strstr(c->cbuff, "Server:");
+ size_t len = 0;
+ p = xstrcasestr(c->cbuff, "Server:");
q = servername;
if (p) {
p += 8;
- while (*p > 32)
- *q++ = *p++;
+ /* -1 to not overwrite last '\0' byte */
+ while (*p > 32 && len++ < sizeof(servername) - 1)
+ *q++ = *p++;
}
*q = 0;
}
}
c->gotheader = 1;
*s = 0; /* terminate at end of header */
- if (keepalive &&
- (strstr(c->cbuff, "Keep-Alive")
- || strstr(c->cbuff, "keep-alive"))) { /* for benefit of MSIIS */
+ if (keepalive && xstrcasestr(c->cbuff, "Keep-Alive")) {
char *cl;
- cl = strstr(c->cbuff, "Content-Length:");
- /* handle NCSA, which sends Content-length: */
- if (!cl)
- cl = strstr(c->cbuff, "Content-length:");
- if (cl) {
- c->keepalive = 1;
+ c->keepalive = 1;
+ cl = xstrcasestr(c->cbuff, "Content-Length:");
+ if (cl && method != HEAD) {
/* response to HEAD doesn't have entity body */
- c->length = method != HEAD ? atoi(cl + 16) : 0;
+ c->length = atoi(cl + 16);
}
- /* The response may not have a Content-Length header */
- if (!cl) {
- c->keepalive = 1;
- c->length = 0;
+ else {
+ c->length = 0;
}
}
c->bread += c->cbx - (s + l - c->cbuff) + r - tocopy;
totalbread += c->bread;
+
+ /* We have received the header, so we know this destination socket
+ * address is working, so initialize all remaining requests. */
+ if (!requests_initialized) {
+ for (i = 1; i < concurrency; i++) {
+ con[i].socknum = i;
+ start_connect(&con[i]);
+ }
+ requests_initialized = 1;
+ }
}
}
else {
c->bread += r;
totalbread += r;
}
+ if (r == sizeof(buffer) && c->bread < c->length) {
+ /* read was full, try more immediately (nonblocking already) */
+ goto read_more;
+ }
if (c->keepalive && (c->bread >= c->length)) {
/* finished a keep-alive connection */
/* first time here */
doclen = c->bread;
}
- else if (c->bread != doclen) {
+ else if ((c->bread != doclen) && !nolength) {
bad++;
err_length++;
}
c->read = c->bread = 0;
/* zero connect time with keep-alive */
c->start = c->connect = lasttime = apr_time_now();
+ set_conn_state(c, STATE_CONNECTED);
write_request(c);
}
}
fflush(stdout);
}
- con = calloc(concurrency, sizeof(struct connection));
+ con = xcalloc(concurrency, sizeof(struct connection));
/*
* XXX: a way to calculate the stats without requiring O(requests) memory
* XXX: would be nice.
*/
- stats = calloc(requests, sizeof(struct data));
- if (stats == NULL) {
- err("Cannot allocate memory for result statistics");
- }
+ stats = xcalloc(requests, sizeof(struct data));
if ((status = apr_pollset_create(&readbits, concurrency, cntxt,
APR_POLLSET_NOCOPY)) != APR_SUCCESS) {
/* Header overridden, no need to add, as it is already in hdrs */
}
+#ifdef HAVE_TLSEXT
+ if (is_ssl && tls_use_sni) {
+ apr_ipsubnet_t *ip;
+ if (((tls_sni = opt_host) || (tls_sni = hostname)) &&
+ (!*tls_sni || apr_ipsubnet_create(&ip, tls_sni, NULL,
+ cntxt) == APR_SUCCESS)) {
+ /* IP not allowed in TLS SNI extension */
+ tls_sni = NULL;
+ }
+ }
+#endif
+
if (!opt_useragent) {
/* User-Agent: header not overridden, add default value to hdrs */
hdrs = apr_pstrcat(cntxt, hdrs, "User-Agent: ApacheBench/", AP_AB_BASEREVISION, "\r\n", NULL);
keepalive ? "Connection: Keep-Alive\r\n" : "",
cookie, auth,
postlen,
- (content_type[0]) ? content_type : "text/plain", hdrs);
+ (content_type != NULL) ? content_type : "text/plain", hdrs);
}
if (snprintf_res >= sizeof(_request)) {
err("Request too long\n");
}
if (verbosity >= 2)
- printf("INFO: %s header == \n---\n%s\n---\n",
+ printf("INFO: %s header == \n---\n%s\n---\n",
method_str[method], request);
reqlen = strlen(request);
* Combine headers and (optional) post file into one continuous buffer
*/
if (send_body) {
- char *buff = malloc(postlen + reqlen + 1);
- if (!buff) {
- fprintf(stderr, "error creating request buffer: out of memory\n");
- return;
- }
+ char *buff = xmalloc(postlen + reqlen + 1);
strcpy(buff, request);
memcpy(buff + reqlen, postdata, postlen);
request = buff;
}
#endif /* NOT_ASCII */
- /* This only needs to be done once */
- if ((rv = apr_sockaddr_info_get(&destsa, connecthost, APR_UNSPEC, connectport, 0, cntxt))
+ if (myhost) {
+ /* This only needs to be done once */
+ if ((rv = apr_sockaddr_info_get(&mysa, myhost, APR_UNSPEC, 0, 0, cntxt)) != APR_SUCCESS) {
+ char buf[120];
+ apr_snprintf(buf, sizeof(buf),
+ "apr_sockaddr_info_get() for %s", myhost);
+ apr_err(buf, rv);
+ }
+ }
+
+ /* This too */
+ if ((rv = apr_sockaddr_info_get(&destsa, connecthost,
+ myhost ? mysa->family : APR_UNSPEC,
+ connectport, 0, cntxt))
!= APR_SUCCESS) {
char buf[120];
apr_snprintf(buf, sizeof(buf),
start = lasttime = apr_time_now();
stoptime = tlimit ? (start + apr_time_from_sec(tlimit)) : AB_MAX;
-#ifdef SIGINT
+#ifdef SIGINT
/* Output the results if the user terminates the run early. */
apr_signal(SIGINT, output_results);
#endif
- /* initialise lots of requests */
- for (i = 0; i < concurrency; i++) {
- con[i].socknum = i;
- start_connect(&con[i]);
- }
+ /* initialise first connection to determine destination socket address
+ * which should be used for next connections. */
+ con[0].socknum = 0;
+ start_connect(&con[0]);
do {
apr_int32_t n;
- const apr_pollfd_t *pollresults;
+ const apr_pollfd_t *pollresults, *pollfd;
n = concurrency;
do {
status = apr_pollset_poll(readbits, aprtimeout, &n, &pollresults);
} while (APR_STATUS_IS_EINTR(status));
if (status != APR_SUCCESS)
- apr_err("apr_poll", status);
-
- if (!n) {
- err("\nServer timed out\n\n");
- }
+ apr_err("apr_pollset_poll", status);
- for (i = 0; i < n; i++) {
- const apr_pollfd_t *next_fd = &(pollresults[i]);
+ for (i = 0, pollfd = pollresults; i < n; i++, pollfd++) {
struct connection *c;
- c = next_fd->client_data;
+ c = pollfd->client_data;
/*
* If the connection isn't connected how can we check it?
if (c->state == STATE_UNCONNECTED)
continue;
- rtnev = next_fd->rtnevents;
+ rtnev = pollfd->rtnevents;
#ifdef USE_SSL
if (c->state == STATE_CONNECTED && c->ssl && SSL_in_init(c->ssl)) {
if ((rtnev & APR_POLLIN) || (rtnev & APR_POLLPRI) || (rtnev & APR_POLLHUP))
read_connection(c);
if ((rtnev & APR_POLLERR) || (rtnev & APR_POLLNVAL)) {
- bad++;
- err_except++;
- /* avoid apr_poll/EINPROGRESS loop on HP-UX, let recv discover ECONNREFUSED */
- if (c->state == STATE_CONNECTING) {
- read_connection(c);
- }
- else {
+ if (destsa->next && c->state == STATE_CONNECTING && good == 0) {
+ destsa = destsa->next;
start_connect(c);
}
+ else {
+ bad++;
+ err_except++;
+ /* avoid apr_poll/EINPROGRESS loop on HP-UX, let recv discover ECONNREFUSED */
+ if (c->state == STATE_CONNECTING) {
+ read_connection(c);
+ }
+ else {
+ start_connect(c);
+ }
+ }
continue;
}
if (rtnev & APR_POLLOUT) {
if (c->state == STATE_CONNECTING) {
+ /* call connect() again to detect errors */
rv = apr_socket_connect(c->aprsock, destsa);
if (rv != APR_SUCCESS) {
set_conn_state(c, STATE_UNCONNECTED);
}
else {
set_conn_state(c, STATE_CONNECTED);
- started++;
#ifdef USE_SSL
if (c->ssl)
ssl_proceed_handshake(c);
}
}
else {
- write_request(c);
+ /* POLLOUT is one shot */
+ set_polled_events(c, APR_POLLIN);
+ if (c->state == STATE_READ) {
+ read_connection(c);
+ }
+ else {
+ write_request(c);
+ }
}
}
}
} while (lasttime < stoptime && done < requests);
-
+
if (heartbeatres)
fprintf(stderr, "Finished %d requests\n", done);
else
*/
fprintf(stderr, "Options are:\n");
fprintf(stderr, " -n requests Number of requests to perform\n");
- fprintf(stderr, " -c concurrency Number of multiple requests to make\n");
- fprintf(stderr, " -t timelimit Seconds to max. wait for responses\n");
+ fprintf(stderr, " -c concurrency Number of multiple requests to make at a time\n");
+ fprintf(stderr, " -t timelimit Seconds to max. to spend on benchmarking\n");
+ fprintf(stderr, " This implies -n 50000\n");
+ fprintf(stderr, " -s timeout Seconds to max. wait for each response\n");
+ fprintf(stderr, " Default is 30 seconds\n");
fprintf(stderr, " -b windowsize Size of TCP send/receive buffer, in bytes\n");
+ fprintf(stderr, " -B address Address to bind to when making outgoing connections\n");
fprintf(stderr, " -p postfile File containing data to POST. Remember also to set -T\n");
fprintf(stderr, " -u putfile File containing data to PUT. Remember also to set -T\n");
- fprintf(stderr, " -T content-type Content-type header for POSTing, eg.\n");
+ fprintf(stderr, " -T content-type Content-type header to use for POST/PUT data, eg.\n");
fprintf(stderr, " 'application/x-www-form-urlencoded'\n");
fprintf(stderr, " Default is 'text/plain'\n");
fprintf(stderr, " -v verbosity How much troubleshooting info to print\n");
fprintf(stderr, " -x attributes String to insert as table attributes\n");
fprintf(stderr, " -y attributes String to insert as tr attributes\n");
fprintf(stderr, " -z attributes String to insert as td or th attributes\n");
- fprintf(stderr, " -C attribute Add cookie, eg. 'Apache=1234. (repeatable)\n");
+ fprintf(stderr, " -C attribute Add cookie, eg. 'Apache=1234'. (repeatable)\n");
fprintf(stderr, " -H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip'\n");
fprintf(stderr, " Inserted after all normal header lines. (repeatable)\n");
fprintf(stderr, " -A attribute Add Basic WWW Authentication, the attributes\n");
fprintf(stderr, " -k Use HTTP KeepAlive feature\n");
fprintf(stderr, " -d Do not show percentiles served table.\n");
fprintf(stderr, " -S Do not show confidence estimators and warnings.\n");
+ fprintf(stderr, " -q Do not show progress when doing more than 150 requests\n");
+ fprintf(stderr, " -l Accept variable document length (use this for dynamic pages)\n");
fprintf(stderr, " -g filename Output collected data to gnuplot format file.\n");
fprintf(stderr, " -e filename Output CSV file with percentages served\n");
fprintf(stderr, " -r Don't exit on socket receive errors.\n");
+ fprintf(stderr, " -m method Method name\n");
fprintf(stderr, " -h Display usage information (this message)\n");
#ifdef USE_SSL
+
+#ifndef OPENSSL_NO_SSL2
+#define SSL2_HELP_MSG "SSL2, "
+#else
+#define SSL2_HELP_MSG ""
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+#define SSL3_HELP_MSG "SSL3, "
+#else
+#define SSL3_HELP_MSG ""
+#endif
+
+#ifdef HAVE_TLSV1_X
+#define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2"
+#else
+#define TLS1_X_HELP_MSG ""
+#endif
+
+#ifdef HAVE_TLSEXT
+ fprintf(stderr, " -I Disable TLS Server Name Indication (SNI) extension\n");
+#endif
fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n");
- fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+ fprintf(stderr, " -f protocol Specify SSL/TLS protocol\n");
+ fprintf(stderr, " (" SSL2_HELP_MSG SSL3_HELP_MSG "TLS1" TLS1_X_HELP_MSG " or ALL)\n");
+ fprintf(stderr, " -E certfile Specify optional client certificate chain and private key\n");
#endif
exit(EINVAL);
}
/* split URL into parts */
-static int parse_url(char *url)
+static int parse_url(const char *url)
{
char *cp;
char *h;
return rv;
}
postlen = (apr_size_t)finfo.size;
- postdata = malloc(postlen);
- if (!postdata) {
- fprintf(stderr, "ab: Could not allocate POST data buffer\n");
- return APR_ENOMEM;
- }
+ postdata = xmalloc(postlen);
rv = apr_file_read_full(postfd, postdata, postlen, NULL);
if (rv != APR_SUCCESS) {
fprintf(stderr, "ab: Could not read POST data file: %s\n",
char tmp[1024];
apr_status_t status;
apr_getopt_t *opt;
- const char *optarg;
+ const char *opt_arg;
char c;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ int min_prot = SSL3_VERSION;
+#else
+ int min_prot = TLS1_VERSION;
+#endif
+#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */
#ifdef USE_SSL
AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
#endif
tdstring = "bgcolor=white";
cookie = "";
auth = "";
- proxyhost[0] = '\0';
+ proxyhost = "";
hdrs = "";
apr_app_initialize(&argc, &argv, NULL);
atexit(apr_terminate);
apr_pool_create(&cntxt, NULL);
+ apr_pool_abort_set(abort_on_oom, cntxt);
#ifdef NOT_ASCII
status = apr_xlate_open(&to_ascii, "ISO-8859-1", APR_DEFAULT_CHARSET, cntxt);
}
#endif
+ myhost = NULL; /* 0.0.0.0 or :: */
+
apr_getopt_init(&opt, cntxt, argc, argv);
- while ((status = apr_getopt(opt, "n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq"
+ while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:"
#ifdef USE_SSL
- "Z:f:"
+ "Z:f:E:"
#endif
- ,&c, &optarg)) == APR_SUCCESS) {
+ ,&c, &opt_arg)) == APR_SUCCESS) {
switch (c) {
case 'n':
- requests = atoi(optarg);
+ requests = atoi(opt_arg);
if (requests <= 0) {
err("Invalid number of requests\n");
}
heartbeatres = 0;
break;
case 'c':
- concurrency = atoi(optarg);
+ concurrency = atoi(opt_arg);
break;
case 'b':
- windowsize = atoi(optarg);
+ windowsize = atoi(opt_arg);
break;
case 'i':
if (method != NO_METH)
method = HEAD;
break;
case 'g':
- gnuplot = strdup(optarg);
+ gnuplot = xstrdup(opt_arg);
break;
case 'd':
percentile = 0;
break;
case 'e':
- csvperc = strdup(optarg);
+ csvperc = xstrdup(opt_arg);
break;
case 'S':
confidence = 0;
break;
+ case 's':
+ aprtimeout = apr_time_from_sec(atoi(opt_arg)); /* timeout value */
+ break;
case 'p':
if (method != NO_METH)
err("Cannot mix POST with other methods\n");
- if ((status = open_postfile(optarg)) != APR_SUCCESS) {
+ if (open_postfile(opt_arg) != APR_SUCCESS) {
exit(1);
}
method = POST;
case 'u':
if (method != NO_METH)
err("Cannot mix PUT with other methods\n");
- if ((status = open_postfile(optarg)) != APR_SUCCESS) {
+ if (open_postfile(opt_arg) != APR_SUCCESS) {
exit(1);
}
method = PUT;
send_body = 1;
break;
+ case 'l':
+ nolength = 1;
+ break;
case 'r':
recverrok = 1;
break;
case 'v':
- verbosity = atoi(optarg);
+ verbosity = atoi(opt_arg);
break;
case 't':
- tlimit = atoi(optarg);
+ tlimit = atoi(opt_arg);
requests = MAX_REQUESTS; /* need to size data array on
* something */
break;
case 'T':
- strcpy(content_type, optarg);
+ content_type = apr_pstrdup(cntxt, opt_arg);
break;
case 'C':
- cookie = apr_pstrcat(cntxt, "Cookie: ", optarg, "\r\n", NULL);
+ cookie = apr_pstrcat(cntxt, "Cookie: ", opt_arg, "\r\n", NULL);
break;
case 'A':
/*
* assume username passwd already to be in colon separated form.
* Ready to be uu-encoded.
*/
- while (apr_isspace(*optarg))
- optarg++;
- if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+ while (apr_isspace(*opt_arg))
+ opt_arg++;
+ if (apr_base64_encode_len(strlen(opt_arg)) > sizeof(tmp)) {
err("Authentication credentials too long\n");
}
- l = apr_base64_encode(tmp, optarg, strlen(optarg));
+ l = apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
tmp[l] = '\0';
auth = apr_pstrcat(cntxt, auth, "Authorization: Basic ", tmp,
/*
* assume username passwd already to be in colon separated form.
*/
- while (apr_isspace(*optarg))
- optarg++;
- if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+ while (apr_isspace(*opt_arg))
+ opt_arg++;
+ if (apr_base64_encode_len(strlen(opt_arg)) > sizeof(tmp)) {
err("Proxy credentials too long\n");
}
- l = apr_base64_encode(tmp, optarg, strlen(optarg));
+ l = apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
tmp[l] = '\0';
auth = apr_pstrcat(cntxt, auth, "Proxy-Authorization: Basic ",
tmp, "\r\n", NULL);
break;
case 'H':
- hdrs = apr_pstrcat(cntxt, hdrs, optarg, "\r\n", NULL);
+ hdrs = apr_pstrcat(cntxt, hdrs, opt_arg, "\r\n", NULL);
/*
* allow override of some of the common headers that ab adds
*/
- if (strncasecmp(optarg, "Host:", 5) == 0) {
- opt_host = 1;
- } else if (strncasecmp(optarg, "Accept:", 7) == 0) {
+ if (strncasecmp(opt_arg, "Host:", 5) == 0) {
+ char *host;
+ apr_size_t len;
+ opt_arg += 5;
+ while (apr_isspace(*opt_arg))
+ opt_arg++;
+ len = strlen(opt_arg);
+ host = strdup(opt_arg);
+ while (len && apr_isspace(host[len-1]))
+ host[--len] = '\0';
+ opt_host = host;
+ } else if (strncasecmp(opt_arg, "Accept:", 7) == 0) {
opt_accept = 1;
- } else if (strncasecmp(optarg, "User-Agent:", 11) == 0) {
+ } else if (strncasecmp(opt_arg, "User-Agent:", 11) == 0) {
opt_useragent = 1;
}
break;
*/
case 'x':
use_html = 1;
- tablestring = optarg;
+ tablestring = opt_arg;
break;
case 'X':
{
/*
* assume proxy-name[:port]
*/
- if ((p = strchr(optarg, ':'))) {
+ if ((p = strchr(opt_arg, ':'))) {
*p = '\0';
p++;
proxyport = atoi(p);
}
- strcpy(proxyhost, optarg);
+ proxyhost = apr_pstrdup(cntxt, opt_arg);
isproxy = 1;
}
break;
case 'y':
use_html = 1;
- trstring = optarg;
+ trstring = opt_arg;
break;
case 'z':
use_html = 1;
- tdstring = optarg;
+ tdstring = opt_arg;
break;
case 'h':
usage(argv[0]);
case 'V':
copyright();
return 0;
+ case 'B':
+ myhost = apr_pstrdup(cntxt, opt_arg);
+ break;
+ case 'm':
+ method = CUSTOM_METHOD;
+ method_str[CUSTOM_METHOD] = strdup(opt_arg);
+ break;
#ifdef USE_SSL
case 'Z':
- ssl_cipher = strdup(optarg);
+ ssl_cipher = strdup(opt_arg);
+ break;
+ case 'E':
+ ssl_cert = strdup(opt_arg);
break;
case 'f':
- if (strncasecmp(optarg, "ALL", 3) == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (strncasecmp(opt_arg, "ALL", 3) == 0) {
meth = SSLv23_client_method();
- } else if (strncasecmp(optarg, "SSL2", 4) == 0) {
+#ifndef OPENSSL_NO_SSL2
+ } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
meth = SSLv2_client_method();
- } else if (strncasecmp(optarg, "SSL3", 4) == 0) {
+#ifdef HAVE_TLSEXT
+ tls_use_sni = 0;
+#endif
+#endif
+#ifndef OPENSSL_NO_SSL3
+ } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
meth = SSLv3_client_method();
- } else if (strncasecmp(optarg, "TLS1", 4) == 0) {
+#ifdef HAVE_TLSEXT
+ tls_use_sni = 0;
+#endif
+#endif
+#ifdef HAVE_TLSV1_X
+ } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
+ meth = TLSv1_1_client_method();
+ } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
+ meth = TLSv1_2_client_method();
+#endif
+ } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
meth = TLSv1_client_method();
}
+#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
+ meth = TLS_client_method();
+ if (strncasecmp(opt_arg, "ALL", 3) == 0) {
+ max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ min_prot = SSL3_VERSION;
+#else
+ min_prot = TLS1_VERSION;
+#endif
+#ifndef OPENSSL_NO_SSL3
+ } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
+ max_prot = SSL3_VERSION;
+ min_prot = SSL3_VERSION;
+#endif
+ } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
+ max_prot = TLS1_1_VERSION;
+ min_prot = TLS1_1_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
+ max_prot = TLS1_2_VERSION;
+ min_prot = TLS1_2_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
+ max_prot = TLS1_VERSION;
+ min_prot = TLS1_VERSION;
+ }
+#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
break;
+#ifdef HAVE_TLSEXT
+ case 'I':
+ tls_use_sni = 0;
+ break;
+#endif
#endif
}
}
#ifdef RSAREF
R_malloc_init();
#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init();
+#endif
#endif
SSL_load_error_strings();
SSL_library_init();
exit(1);
}
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
+ SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
+#endif
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
if (ssl_cipher != NULL) {
if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);
if (verbosity >= 3) {
SSL_CTX_set_info_callback(ssl_ctx, ssl_state_cb);
}
+ if (ssl_cert != NULL) {
+ if (SSL_CTX_use_certificate_chain_file(ssl_ctx, ssl_cert) <= 0) {
+ BIO_printf(bio_err, "unable to get certificate from '%s'\n",
+ ssl_cert);
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ if (SSL_CTX_use_PrivateKey_file(ssl_ctx, ssl_cert, SSL_FILETYPE_PEM) <= 0) {
+ BIO_printf(bio_err, "unable to get private key from '%s'\n",
+ ssl_cert);
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ if (!SSL_CTX_check_private_key(ssl_ctx)) {
+ BIO_printf(bio_err,
+ "private key does not match the certificate public key in %s\n", ssl_cert);
+ exit(1);
+ }
+ }
+
#endif
#ifdef SIGPIPE
apr_signal(SIGPIPE, SIG_IGN); /* Ignore writes to connections that
projects / apache / blobdiff