Add TLCP ALPN support

Zhi Guan
2026-06-12 09:58:47 +08:00
parent e480e25109
commit b1f670c6c6
3 changed files with 86 additions and 9 deletions


@@ -24,6 +24,7 @@ static const char *usage =
" [-cert file -key file -pass str]"
" [-outcerts file]"
" [-get path]"
" [-alpn str]"
" [-quiet]";
static const char *help =
@@ -43,6 +44,7 @@ static const char *help =
" -get path Send a GET request with given path of URI\n"
" -outcerts file Save server certificates to a PEM file\n"
" -server_name str Send server_name (SNI) request\n"
" -alpn str Application protocol name, may appear multiple times, higher priority first\n"
" -status_request Send status_request (OCSP Stapling) request\n"
" -quiet Without printing any status message\n"
"\n"
@@ -69,6 +71,8 @@ int tlcp_client_main(int argc, char *argv[])
char *keyfile = NULL;
char *pass = NULL;
char *server_name = NULL;
char *alpn_protocols[4];
size_t alpn_protocols_cnt = 0;
int client_cert_optional = 0;
char *get = NULL;
char *outcertsfile = NULL;
@@ -165,6 +169,13 @@ int tlcp_client_main(int argc, char *argv[])
} else if (!strcmp(*argv, "-server_name")) {
if (--argc < 1) goto bad;
server_name = *(++argv);
} else if (!strcmp(*argv, "-alpn")) {
if (alpn_protocols_cnt >= sizeof(alpn_protocols)/sizeof(alpn_protocols[0])) {
fprintf(stderr, "%s: too many -alpn options\n", prog);
return -1;
}
if (--argc < 1) goto bad;
alpn_protocols[alpn_protocols_cnt++] = *(++argv);
} else if (!strcmp(*argv, "-client_cert_optional")) {
client_cert_optional = 1;
} else if (!strcmp(*argv, "-get")) {
@@ -213,6 +224,14 @@ bad:
goto end;
}
if (alpn_protocols_cnt) {
if (tls_ctx_set_application_layer_protocol_negotiation(&ctx,
alpn_protocols, alpn_protocols_cnt) != 1) {
error_print();
goto end;
}
}
if (cacertfile) {
if (tls_ctx_set_ca_certificates(&ctx, cacertfile, verify_depth) != 1) {
fprintf(stderr, "%s: failed to load CA certificate\n", prog);
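Review bot: The ALPN failure branch added just before the `if (cacertfile)` block reports only `error_print()`, so a rejected `-alpn` value gives the operator no message naming the option, unlike the CA-certificate branch right below it, which prints `"%s: failed to load CA certificate\n"`. I would add `fprintf(stderr, "%s: failed to set -alpn protocols\n", prog);` before `error_print();`. The `-alpn` branch stores the argv strings after a count check only; RFC 7301 limits a protocol name to 1-255 bytes, and that check is presumably left to `tls_ctx_set_application_layer_protocol_negotiation`, which is not visible here, so it is worth confirming that an empty or over-long name is rejected there. The same applies to the matching server hunk (`@@ -166,6 +176,13 @@`). `tlcp_client_main` begins and ends outside these hunks.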


@@ -18,7 +18,7 @@
#include <gmssl/error.h>
static const char *options = "[-port num] -cert file -key file -pass str -ex_key file -ex_pass str [-cacert file]";
static const char *options = "[-port num] -cert file -key file -pass str -ex_key file -ex_pass str [-alpn str] [-cacert file]";
static const char *help =
@@ -30,6 +30,7 @@ static const char *help =
" -pass str Password to decrypt signing private key, may appear multiple times\n"
" -ex_key file Server's encryption private key in PEM format, may appear multiple times\n"
" -ex_pass str Password to decrypt encryption private key, may appear multiple times\n"
" -alpn str Application protocol name, may appear multiple times, higher priority first\n"
" -cacert file CA certificate for client certificate verification\n"
"\n"
#include "tlcp_help.h"
@@ -50,6 +51,8 @@ int tlcp_server_main(int argc , char **argv)
size_t enckeyfiles_cnt = 0;
char *encpasses[sizeof(certfiles)/sizeof(certfiles[0])];
size_t encpasses_cnt = 0;
char *alpn_protocols[4];
size_t alpn_protocols_cnt = 0;
char *cacertfile = NULL;
int server_ciphers[] = {
@@ -119,6 +122,13 @@ int tlcp_server_main(int argc , char **argv)
}
if (--argc < 1) goto bad;
encpasses[encpasses_cnt++] = *(++argv);
} else if (!strcmp(*argv, "-alpn")) {
if (alpn_protocols_cnt >= sizeof(alpn_protocols)/sizeof(alpn_protocols[0])) {
fprintf(stderr, "%s: too many -alpn options\n", prog);
return -1;
}
if (--argc < 1) goto bad;
alpn_protocols[alpn_protocols_cnt++] = *(++argv);
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
@@ -166,6 +176,13 @@ bad:
error_print();
return -1;
}
if (alpn_protocols_cnt) {
if (tls_ctx_set_application_layer_protocol_negotiation(&ctx,
alpn_protocols, alpn_protocols_cnt) != 1) {
error_print();
return -1;
}
}
for (i = 0; i < certfiles_cnt; i++) {
if (tlcp_ctx_add_server_certificate_and_keys(&ctx,
certfiles[i], signkeyfiles[i], signpasses[i],
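Review bot: The help text says `-alpn` "may appear multiple times", but `char *alpn_protocols[4];` caps it at four and a fifth occurrence exits with `too many -alpn options`; the limit is a bare literal that is also repeated in the client file. I would state the limit where the user sees it, for example `"    -alpn str           Application protocol name, at most 4 times, higher priority first\n"`, and put a comment on the declaration such as `/* at most 4 ALPN names; further -alpn options are rejected */`. A named constant shared by both tools would keep the two arrays and the help text from drifting apart. `tlcp_server_main` begins and ends outside these hunks.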