make legacy ciphers for TLS a run-time option (-l), by default off. - hurl - Gopher/HTTP/HTTPS file grabber
 (DIR) commit b5f4e541411a8ecb3074b2395a12e4d40f9eff15
 (DIR) parent a155a0aefef0243b8c383e61352c347e4402af33
 (HTM) Author: Hiltjo Posthuma <hiltjo@codemadness.org>
       Date:   Sat,  9 Nov 2019 23:10:08 +0100
       
       make legacy ciphers for TLS a run-time option (-l), by default off.
       
       Diffstat:
         M hurl.1                              |       3 +++
         M hurl.c                              |      19 ++++++++++++-------
       
       2 files changed, 15 insertions(+), 7 deletions(-)
       ---
 (DIR) diff --git a/hurl.1 b/hurl.1
       @@ -7,6 +7,7 @@
        .Sh SYNOPSIS
        .Nm
        .Op Fl m Ar filesize
       +.Op Fl l
        .Op Fl t Ar timeout
        .Ar url
        .Sh DESCRIPTION
       @@ -19,6 +20,8 @@ The options are as follows:
        .Bl -tag -width Ds
        .It Fl m Ar filesize
        Maximum size of the data in bytes.
       +.It Fl l
       +Enable legacy ciphers and negotiation for TLS (default off).
        .It Fl t Ar timeout
        Maximum time for the connection and fetching the data in seconds.
        The default is 10 seconds.
 (DIR) diff --git a/hurl.c b/hurl.c
       @@ -43,6 +43,8 @@ char *argv0;
        static size_t config_maxresponsesiz = 0;
        /* time-out in seconds */
        static time_t config_timeout = 10;
       +/* legacy ciphers? */
       +static int config_legacy = 0;
        /* parsed uri */
        static struct uri u;
        /* raw command-line argument */
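Review bot: The comment `/* legacy ciphers? */` on `config_legacy` reads as a question and does not say what the flag controls or what sets it. Something like `/* non-zero: use the libtls "legacy" cipher list for TLS (set by -l), default off */` would document the security-relevant default right at the declaration.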
       @@ -447,7 +449,7 @@ err:
        void
        usage(void)
        {
       -        fprintf(stderr, "usage: %s [-m maxresponse] [-t timeout] url\n",
       +        fprintf(stderr, "usage: %s [-l] [-m maxresponse] [-t timeout] url\n",
                        argv0);
                exit(1);
        }
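Review bot: The usage string in `usage()` now reads `[-l] [-m maxresponse] [-t timeout]`, whereas the SYNOPSIS added to hurl.1 in this same commit lists `-l` after `-m` and names the `-m` argument `filesize`. I would keep both in the same order with the same argument name, for example by moving `.Op Fl l` above `.Op Fl m Ar filesize` in hurl.1, so the two descriptions of the option set do not drift apart.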
       @@ -467,6 +469,9 @@ main(int argc, char **argv)
                                usage();
                        config_maxresponsesiz = l;
                        break;
       +        case 'l': /* legacy ciphers */
       +                config_legacy = 1;
       +                break;
                case 't': /* timeout */
                        errno = 0;
                        l = strtoll(EARGF(usage()), &end, 10);
       @@ -490,12 +495,12 @@ main(int argc, char **argv)
                                errx(1, "tls_init failed");
                        if (!(tls_config = tls_config_new()))
                                errx(1, "tls config failed");
       -#ifdef SUPPORT_LEGACY
       -                /* enable legacy cipher and negotiation. */
       -                if (tls_config_set_ciphers(tls_config, "legacy"))
       -                        errx(1, "tls set ciphers failed: %s",
       -                             tls_config_error(tls_config));
       -#endif
       +                if (config_legacy) {
       +                        /* enable legacy cipher and negotiation. */
       +                        if (tls_config_set_ciphers(tls_config, "legacy"))
       +                                errx(1, "tls set ciphers failed: %s",
       +                                     tls_config_error(tls_config));
       +                }
                        if (!strcmp(u.proto, "https"))
                                memcpy(u.port, "443", 4);
                        statuscode = https_request();
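Review bot: The comment inside the new `if (config_legacy)` block, like the `-l` entry in hurl.1, promises "legacy cipher and negotiation", but the only call made is `tls_config_set_ciphers(tls_config, "legacy")`. Nothing in this hunk changes the allowed protocol versions, so a server limited to older TLS versions would presumably still be refused with `-l`. As far as I know the libtls "legacy" keyword only widens the cipher list, so I would word the comment as `/* -l: widen the cipher list to libtls "legacy"; protocol versions stay at the libtls default */`. Because the option lowers the cipher floor for the whole run, the man page entry should say that as well, so `-l` is used per host and not as a blanket fix in scripts. main() starts and ends outside this hunk.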