Add the ability to configure recv_max_early_data via s_server

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6655)
2018-07-05 15:42:36 +01:00 · 2018-07-05 15:42:36 +01:00 · bafe9cf5e3
parent 0d1b778901
commit bafe9cf5e3
1 changed files with 15 additions and 4 deletions
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -748,8 +748,8 @@ typedef enum OPTION_choice {
    OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
-    OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS,
-    OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+    OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
    OPT_R_ENUM,
    OPT_S_ENUM,
    OPT_V_ENUM,
@ -955,7 +955,9 @@ const OPTIONS s_server_options[] = {
 #endif
    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
    {"max_early_data", OPT_MAX_EARLY, 'n',
-     "The maximum number of bytes of early data"},
+     "The maximum number of bytes of early data as advertised in tickets"},
+    {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+     "The maximum number of bytes of early data (hard limit)"},
    {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
    {"num_tickets", OPT_S_NUM_TICKETS, 'n',
     "The number of TLSv1.3 session tickets that a server will automatically  issue" },
@ -1041,7 +1043,7 @@ int s_server_main(int argc, char *argv[])
    unsigned int split_send_fragment = 0, max_pipelines = 0;
    const char *s_serverinfo_file = NULL;
    const char *keylog_file = NULL;
-    int max_early_data = -1;
+    int max_early_data = -1, recv_max_early_data = -1;
    char *psksessf = NULL;

    /* Init of few remaining global variables */
@ -1570,6 +1572,13 @@ int s_server_main(int argc, char *argv[])
                goto end;
            }
            break;
+        case OPT_RECV_MAX_EARLY:
+            recv_max_early_data = atoi(opt_arg());
+            if (recv_max_early_data < 0) {
+                BIO_printf(bio_err, "Invalid value for recv_max_early_data\n");
+                goto end;
+            }
+            break;
        case OPT_EARLY_DATA:
            early_data = 1;
            if (max_early_data == -1)
@ -2110,6 +2119,8 @@ int s_server_main(int argc, char *argv[])

    if (max_early_data >= 0)
        SSL_CTX_set_max_early_data(ctx, max_early_data);
+    if (recv_max_early_data >= 0)
+        SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data);

    if (rev)
        server_cb = rev_body;