mirror of https://github.com/openssl/openssl
apps/s_server: Add ktls option
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if the KTLS feature is enabled at compile time, which makes it difficult to use KTLS through s_server/s_client, so a 'ktls' option is added to enable KTLS from the command line. At the same time, SSL_sendfile() depends on the KTLS feature to work properly, so the sendfile option is made to depend on the ktls option. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16609)
parent
bfbb62c3b0
commit
e2ef7f1265
|
@ -716,7 +716,7 @@ typedef enum OPTION_choice {
|
|||
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
|
||||
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
|
||||
OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
|
||||
OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF,
|
||||
OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_KTLS,
|
||||
OPT_R_ENUM,
|
||||
OPT_S_ENUM,
|
||||
OPT_V_ENUM,
|
||||
|
@ -958,6 +958,7 @@ const OPTIONS s_server_options[] = {
|
|||
{"alpn", OPT_ALPN, 's',
|
||||
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
{"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
|
||||
{"sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW"},
|
||||
#endif
|
||||
|
||||
|
@ -1053,6 +1054,9 @@ int s_server_main(int argc, char *argv[])
|
|||
int sctp_label_bug = 0;
|
||||
#endif
|
||||
int ignore_unexpected_eof = 0;
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
int enable_ktls = 0;
|
||||
#endif
|
||||
|
||||
/* Init of few remaining global variables */
|
||||
local_argc = argc;
|
||||
|
@ -1627,6 +1631,11 @@ int s_server_main(int argc, char *argv[])
|
|||
case OPT_NOCANAMES:
|
||||
no_ca_names = 1;
|
||||
break;
|
||||
case OPT_KTLS:
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
enable_ktls = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_SENDFILE:
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
use_sendfile = 1;
|
||||
|
@ -1694,6 +1703,11 @@ int s_server_main(int argc, char *argv[])
|
|||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
if (use_sendfile && enable_ktls == 0) {
|
||||
BIO_printf(bio_out, "Warning: -sendfile depends on -ktls, enabling -ktls now.\n");
|
||||
enable_ktls = 1;
|
||||
}
|
||||
|
||||
if (use_sendfile && www <= 1) {
|
||||
BIO_printf(bio_err, "Can't use -sendfile without -WWW or -HTTP\n");
|
||||
goto end;
|
||||
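Review bot: The new warning under `if (use_sendfile && enable_ktls == 0)` is written to `bio_out`, while the `-sendfile` error directly below it uses `bio_err`; a diagnostic on standard output is easy to miss and can end up mixed into piped output, so I would write `BIO_printf(bio_err, "Warning: -sendfile depends on -ktls, enabling -ktls now.\n");`. The block also runs before the `www <= 1` check, so a user who passes `-sendfile` without `-WWW` or `-HTTP` is told KTLS is being enabled and then gets an immediate failure; swapping the two checks avoids that. The pod text changed in this same commit says `-sendfile` is only valid when `-ktls` is specified, whereas this code switches KTLS on implicitly, so the documentation and the behaviour should be brought into line. s_server_main starts and ends outside the hunk.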
|
@ -1883,6 +1897,10 @@ int s_server_main(int argc, char *argv[])
|
|||
|
||||
if (ignore_unexpected_eof)
|
||||
SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
if (enable_ktls)
|
||||
SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS);
|
||||
#endif
|
||||
|
||||
if (max_send_fragment > 0
|
||||
&& !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
|
||||
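Review bot: `SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS)` only requests kernel offload; whether a given connection actually uses it depends on the kernel and on the negotiated protocol version and cipher, and nothing in this hunk tells the operator which path was taken. A comment on the call such as `/* Request only: KTLS is used per connection when the kernel and the negotiated cipher support it */` would make that explicit. Presumably the per-connection code, which is outside this hunk, could also report the outcome with `BIO_get_ktls_send()` and `BIO_get_ktls_recv()`. That matters to anyone using `-ktls` to validate an offload setup, because a silent fallback to the userspace record layer looks the same on the wire. s_server_main starts and ends outside the hunk.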
|
|
|
@ -128,6 +128,7 @@ B<openssl> B<s_server>
|
|||
[B<-no_dhe>]
|
||||
[B<-nextprotoneg> I<val>]
|
||||
[B<-alpn> I<val>]
|
||||
[B<-ktls>]
|
||||
[B<-sendfile>]
|
||||
[B<-keylogfile> I<outfile>]
|
||||
[B<-recv_max_early_data> I<int>]
|
||||
|
@ -762,11 +763,18 @@ Protocol names are printable ASCII strings, for example "http/1.1" or
|
|||
"spdy/3".
|
||||
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
|
||||
|
||||
=item B<-ktls>
|
||||
|
||||
Enable Kernel TLS for sending and receiving.
|
||||
This option was introduced in OpenSSL 3.1.0.
|
||||
Kernel TLS is off by default as of OpenSSL 3.1.0.
|
||||
|
||||
=item B<-sendfile>
|
||||
|
||||
If this option is set and KTLS is enabled, SSL_sendfile() will be used
|
||||
instead of BIO_write() to send the HTTP response requested by a client.
|
||||
This option is only valid if B<-WWW> or B<-HTTP> is specified.
|
||||
This option is only valid when B<-ktls> along with B<-WWW> or B<-HTTP>
|
||||
are specified.
|
||||
|
||||
=item B<-keylogfile> I<outfile>
|
||||
|
||||
|
|