agl (owner)

Revisions

gist: 212066 Download_button fork
public
Public Clone URL: git://gist.github.com/212066.git
Embed All Files: show embed
Diff #
raw 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

diff --git a/mozilla/security/nss/cmd/selfserv/selfserv.c b/mozilla/security/nss/cmd/selfserv/selfserv.c
index 4c3d8e3..8e6acf8 100644
--- a/mozilla/security/nss/cmd/selfserv/selfserv.c
+++ b/mozilla/security/nss/cmd/selfserv/selfserv.c
@@ -200,6 +200,7 @@ Usage(const char *progName)
 "-u means enable Session Ticket extension for TLS.\n"
 "-v means verbose output\n"
 "-x means use export policy.\n"
+"-z mean enable compression.\n"
 "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
 "-M maxProcs tells how many processes to run in a multi-process server\n"
 "-N means do NOT use the server session cache.  Incompatible with -M.\n"
@@ -717,6 +718,7 @@ PRBool bypassPKCS11    = PR_FALSE;
 PRBool disableLocking  = PR_FALSE;
 PRBool testbypass      = PR_FALSE;
 PRBool enableSessionTickets = PR_FALSE;
+PRBool enableCompression    = PR_FALSE;
 
 static const char stopCmd[] = { "GET /stop " };
 static const char getCmd[]  = { "GET " };
@@ -1599,6 +1601,13 @@ server_main(
 	}
     }
 
+    if (enableCompression) {
+	rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+	if (rv != SECSuccess) {
+	    errExit("error enabling compression ");
+	}
+    }
+
     for (kea = kt_rsa; kea < kt_kea_size; kea++) {
 	if (cert[kea] != NULL) {
 	    secStatus = SSL_ConfigSecureServer(model_sock, 
@@ -1830,7 +1839,7 @@ main(int argc, char **argv)
     ** numbers, then capital letters, then lower case, alphabetical. 
     */
     optstate = PL_CreateOptState(argc, argv, 
-        "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xy");
+        "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xyz");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	++optionsFound;
 	switch(optstate->option) {
@@ -1935,6 +1944,8 @@ main(int argc, char **argv)
 
 	case 'y': debugCache = PR_TRUE; break;
 
+	case 'z': enableCompression = PR_TRUE; break;
+
 	default:
 	case '?':
 	    fprintf(stderr, "Unrecognized or bad option specified.\n");
diff --git a/mozilla/security/nss/cmd/strsclnt/strsclnt.c b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
index 10c64bd..6239c95 100644
--- a/mozilla/security/nss/cmd/strsclnt/strsclnt.c
+++ b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
@@ -161,6 +161,7 @@ static PRBool bypassPKCS11    = PR_FALSE;
 static PRBool disableLocking  = PR_FALSE;
 static PRBool ignoreErrors    = PR_FALSE;
 static PRBool enableSessionTickets = PR_FALSE;
+static PRBool enableCompression    = PR_FALSE;
 
 PRIntervalTime maxInterval    = PR_INTERVAL_NO_TIMEOUT;
 
@@ -196,6 +197,7 @@ Usage(const char *progName)
         "       -U means enable throttling up threads\n"
 	"       -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
 	"       -u enable TLS Session Ticket extension\n",
+	"       -z enable compression\n",
 	progName);
     exit(1);
 }
@@ -1233,6 +1235,12 @@ client_main(
 	    errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
     }
 
+    if (enableCompression) {
+	rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+	if (rv != SECSuccess)
+	    errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
+    }
+
     SSL_SetURL(model_sock, hostName);
 
     SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, 
@@ -1338,7 +1346,7 @@ main(int argc, char **argv)
     progName = progName ? progName + 1 : tmp;
  
 
-    optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvw:");
+    optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvzw:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch(optstate->option) {
 
@@ -1398,6 +1406,8 @@ main(int argc, char **argv)
             pwdata.data = PL_strdup(optstate->value);
             break;
 
+	case 'z': enableCompression = PR_TRUE; break;
+
 	case 0:   /* positional parameter */
 	    if (hostName) {
 		Usage(progName);
diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
index 06c1541..c7a7673 100644
--- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c
+++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
@@ -212,6 +212,7 @@ static void Usage(const char *progName)
     fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
     fprintf(stderr, "%-20s Renegotiate with session resumption.\n", "-r");
     fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
+    fprintf(stderr, "%-20s Enable the compression.\n", "-z");
     fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", 
                     "-c ciphers");
     fprintf(stderr, 
@@ -507,6 +508,7 @@ int main(int argc, char **argv)
     int                disableLocking = 0;
     int                useExportPolicy = 0;
     int                enableSessionTickets = 0;
+    int                enableCompression = 0;
     PRSocketOptionData opt;
     PRNetAddr          addr;
     PRPollDesc         pollset[2];
@@ -534,7 +536,7 @@ int main(int argc, char **argv)
        }
     }
 
-    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
+    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xzW:");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
@@ -591,6 +593,8 @@ int main(int argc, char **argv)
                 break;
 
 	  case 'x': useExportPolicy = 1; 		break;
+
+	  case 'z': enableCompression = 1;		break;
 	}
     }
 
@@ -829,6 +833,13 @@ int main(int argc, char **argv)
 	return 1;
     }
 
+    /* enable compression. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
+    if (rv != SECSuccess) {
+	SECU_PrintError(progName, "error enabling compression");
+	return 1;
+    }
+
     SSL_SetPKCS11PinArg(s, &pwdata);
 
     SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss/tests/ssl/sslstress.txt
index 4a1a211..2c745ae 100644
--- a/mozilla/security/nss/tests/ssl/sslstress.txt
+++ b/mozilla/security/nss/tests/ssl/sslstress.txt
@@ -9,6 +9,8 @@
   noECC     0      _         -c_1000_-C_c_-T               Stress SSL3 RC4 128 with MD5
   noECC     0      _         -c_1000_-C_c                  Stress TLS  RC4 128 with MD5
   noECC     0      -u        -2_-c_1000_-C_c_-u            Stress TLS  RC4 128 with MD5 (session ticket)
+  noECC     0      -z        -2_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (compression)
+  noECC     0      -z_-u     -2_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (session ticket, compression)
 
 #
 # add client auth versions here...
@@ -17,6 +19,8 @@
   noECC     0      -r_-r     -c_100_-C_c_-T_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r_-u  -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
+  noECC     0      -r_-r_-z  -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
+  noECC     0   -u_-r_-r_-u  -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth, session ticket)
 
 #
 # ############################ ECC ciphers ############################