Bug 1694214 - tstclnt can't enable middlebox compat mode r=beurdouche

Differential Revision: https://phabricator.services.mozilla.com/D106617 --HG-- extra : moz-landing-system : lando
sailfishos-mirror · Feb 27, 2021 · e1f2f55 · e1f2f55
1 parent 65cb1fd
commit e1f2f55
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
@@ -332,6 +332,7 @@ PrintParameterUsage()
             "%-20s 0xAAAABBBBCCCCDDDD:mylabel. Otherwise, the default label of\n"
             "%-20s 'Client_identity' will be used.\n",
             "-z externalPsk", "", "", "");
+    fprintf(stderr, "%-20s Enable middlebox compatibility mode (TLS 1.3 only)\n", "-e");
 }
 
 static void
@@ -986,6 +987,7 @@ int enableSignedCertTimestamps = 0;
 int forceFallbackSCSV = 0;
 int enableExtendedMasterSecret = 0;
 PRBool requireDHNamedGroups = 0;
+PRBool middleboxCompatMode = 0;
 PRSocketOptionData opt;
 PRNetAddr addr;
 PRBool allowIPv4 = PR_TRUE;
@@ -1493,6 +1495,16 @@ run()
         }
     }
 
+    /* Middlebox compatibility mode (TLS 1.3 only) */
+    if (middleboxCompatMode) {
+        rv = SSL_OptionSet(s, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error enabling middlebox compatibility mode");
+            error = 1;
+            goto done;
+        }
+    }
+
     /* require the use of fixed finite-field DH groups */
     if (requireDHNamedGroups) {
         rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
@@ -1825,7 +1837,7 @@ main(int argc, char **argv)
     }
 
     optstate = PL_CreateOptState(argc, argv,
-                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:x:z:");
+                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:m:n:op:qr:st:uvw:x:z:");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         switch (optstate->option) {
             case '?':
@@ -1996,6 +2008,10 @@ main(int argc, char **argv)
                 certDir = PORT_Strdup(optstate->value);
                 break;
 
+            case 'e':
+                middleboxCompatMode = PR_TRUE;
+                break;
+
             case 'f':
                 clientSpeaksFirst = PR_TRUE;
                 break;