commit b5f4e541411a8ecb3074b2395a12e4d40f9eff15
parent a155a0aefef0243b8c383e61352c347e4402af33
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Sat,  9 Nov 2019 23:10:08 +0100
make legacy ciphers for TLS a run-time option (-l), by default off.
Diffstat:
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/hurl.1 b/hurl.1
@@ -7,6 +7,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl m Ar filesize
+.Op Fl l
 .Op Fl t Ar timeout
 .Ar url
 .Sh DESCRIPTION
@@ -19,6 +20,8 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Fl m Ar filesize
 Maximum size of the data in bytes.
+.It Fl l
+Enable legacy ciphers and negotiation for TLS (default off).
 .It Fl t Ar timeout
 Maximum time for the connection and fetching the data in seconds.
 The default is 10 seconds.
diff --git a/hurl.c b/hurl.c
@@ -43,6 +43,8 @@ char *argv0;
 static size_t config_maxresponsesiz = 0;
 /* time-out in seconds */
 static time_t config_timeout = 10;
+/* legacy ciphers? */
+static int config_legacy = 0;
 /* parsed uri */
 static struct uri u;
 /* raw command-line argument */
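Review bot: The comment on the new `config_legacy` flag, `/* legacy ciphers? */`, is phrased as a question and does not say which value means what, while the neighbouring `config_*` comments state the meaning and default. Since main() only ever tests it as a boolean and sets it from -l, `/* enable the libtls "legacy" cipher group (-l); 0 = off (default) */` would state the contract in the same style. The file-scope declaration block continues outside the hunk.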
@@ -447,7 +449,7 @@ err:
 void
 usage(void)
 {
-	fprintf(stderr, "usage: %s [-m maxresponse] [-t timeout] url\n",
+	fprintf(stderr, "usage: %s [-l] [-m maxresponse] [-t timeout] url\n",
 	        argv0);
 	exit(1);
 }
@@ -467,6 +469,9 @@ main(int argc, char **argv)
 			usage();
 		config_maxresponsesiz = l;
 		break;
+	case 'l': /* legacy ciphers */
+		config_legacy = 1;
+		break;
 	case 't': /* timeout */
 		errno = 0;
 		l = strtoll(EARGF(usage()), &end, 10);
@@ -490,12 +495,12 @@ main(int argc, char **argv)
 			errx(1, "tls_init failed");
 		if (!(tls_config = tls_config_new()))
 			errx(1, "tls config failed");
-#ifdef SUPPORT_LEGACY
-		/* enable legacy cipher and negotiation. */
-		if (tls_config_set_ciphers(tls_config, "legacy"))
-			errx(1, "tls set ciphers failed: %s",
-			     tls_config_error(tls_config));
-#endif
+		if (config_legacy) {
+			/* enable legacy cipher and negotiation. */
+			if (tls_config_set_ciphers(tls_config, "legacy"))
+				errx(1, "tls set ciphers failed: %s",
+				     tls_config_error(tls_config));
+		}
 		if (!strcmp(u.proto, "https"))
 			memcpy(u.port, "443", 4);
 		statuscode = https_request();
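Review bot: The comment kept inside the new `if (config_legacy)` branch says "enable legacy cipher and negotiation", but the only call in the branch is tls_config_set_ciphers(), which selects cipher suites; protocol versions are controlled by a separate tls_config_set_protocols() call, which this hunk does not make, so as far as the visible code shows nothing about version negotiation changes. Suggest `/* -l: select libtls "legacy" cipher group (presumably weaker suites); protocol versions are not changed here */` so a reader does not expect older TLS versions to be accepted when -l is given. The -l description in the man page hunk of this commit uses the same "ciphers and negotiation" wording and should agree with whatever the code comment ends up saying. main() continues outside the hunk.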