Bug 1694214 - tstclnt can't enable middlebox compat mode r=beurdouche

Differential Revision: https://phabricator.services.mozilla.com/D106617 --HG-- extra : moz-landing-system : lando

Bug 1694214 - tstclnt can't enable middlebox compat mode r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D106617 --HG-- extra : moz-landing-system : lando
e1f2f555 · Hubert Kario · 65cb1fd5 · e1f2f555
Commit e1f2f555 authored Feb 27, 2021 by Hubert Kario
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 1 deletion

cmd/tstclnt/tstclnt.c cmd/tstclnt/tstclnt.c +17 -1

No files found.
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -332,6 +332,7 @@ PrintParameterUsage()
            "%-20s 0xAAAABBBBCCCCDDDD:mylabel. Otherwise, the default label of\n"
            "%-20s 'Client_identity' will be used.\n",
            "-z externalPsk", "", "", "");
+    fprintf(stderr, "%-20s Enable middlebox compatibility mode (TLS 1.3 only)\n", "-e");
 }

 static void
@@ -986,6 +987,7 @@ int enableSignedCertTimestamps = 0;
 int forceFallbackSCSV = 0;
 int enableExtendedMasterSecret = 0;
 PRBool requireDHNamedGroups = 0;
+PRBool middleboxCompatMode = 0;
 PRSocketOptionData opt;
 PRNetAddr addr;
 PRBool allowIPv4 = PR_TRUE;
@@ -1493,6 +1495,16 @@ run()
        }
    }

+    /* Middlebox compatibility mode (TLS 1.3 only) */
+    if (middleboxCompatMode) {
+        rv = SSL_OptionSet(s, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error enabling middlebox compatibility mode");
+            error = 1;
+            goto done;
+        }
+    }
+
    /* require the use of fixed finite-field DH groups */
    if (requireDHNamedGroups) {
        rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
@@ -1825,7 +1837,7 @@ main(int argc, char **argv)
    }

    optstate = PL_CreateOptState(argc, argv,
-                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:x:z:");
+                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:m:n:op:qr:st:uvw:x:z:");
    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {
            case '?':
@@ -1996,6 +2008,10 @@ main(int argc, char **argv)
                certDir = PORT_Strdup(optstate->value);
                break;

+            case 'e':
+                middleboxCompatMode = PR_TRUE;
+                break;
+
            case 'f':
                clientSpeaksFirst = PR_TRUE;
                break;