author | Todd Short <tshort@akamai.com> | 2021-09-08 16:23:04 -0400 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2022-03-10 10:42:43 -0500 |
commit | a3e53d56831adb60d6875297b3339a4251f735d2 (patch) | |
tree | c931c5b2cc9a63f80e4f3ae3a366b70064b897ae /apps/s_server.c | |
parent | 97896f744d9ee4f2e821e3383caac8e8c5f226cf (diff) |
Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enable-tfo`
Some tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 2036d51795..736d8498d1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -717,6 +717,7 @@ typedef enum OPTION_choice {
 OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
 OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
 OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_KTLS,
+ OPT_TFO,
 OPT_R_ENUM,
 OPT_S_ENUM,
 OPT_V_ENUM,
@@ -747,6 +748,9 @@ const OPTIONS s_server_options[] = {
 #endif
 {"4", OPT_4, '-', "Use IPv4 only"},
 {"6", OPT_6, '-', "Use IPv6 only"},
+#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
+ {"tfo", OPT_TFO, '-', "Listen for TCP Fast Open connections"},
+#endif
 OPT_SECTION("Identity"),
 {"context", OPT_CONTEXT, 's', "Set session ID context"},
@@ -1057,6 +1061,7 @@ int s_server_main(int argc, char *argv[])
 #ifndef OPENSSL_NO_KTLS
 int enable_ktls = 0;
 #endif
+ int tfo = 0;
 /* Init of few remaining global variables */
 local_argc = argc;
@@ -1649,6 +1654,9 @@ int s_server_main(int argc, char *argv[])
 case OPT_IGNORE_UNEXPECTED_EOF:
 ignore_unexpected_eof = 1;
 break;
+ case OPT_TFO:
+ tfo = 1;
+ break;
 }
 }
@@ -1677,6 +1685,11 @@ int s_server_main(int argc, char *argv[])
 }
 #endif
+ if (tfo && socket_type != SOCK_STREAM) {
+ BIO_printf(bio_err, "Can only use -tfo with TLS\n");
+ goto end;
+ }
+
 if (stateless && socket_type != SOCK_STREAM) {
 BIO_printf(bio_err, "Can only use --stateless with TLS\n");
 goto end;
@@ -2240,8 +2253,10 @@ int s_server_main(int argc, char *argv[])
 && unlink_unix_path)
 unlink(host);
 #endif
+ if (tfo)
+ BIO_printf(bio_s_out, "Listening for TFO\n");
 do_server(&accept_socket, host, port, socket_family, socket_type, protocol,
- server_cb, context, naccept, bio_s_out);
+ server_cb, context, naccept, bio_s_out, tfo);
 print_stats(bio_s_out, ctx);
 ret = 0;
 end: |
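Review bot: The `tfo` entry in `s_server_options[]` is compiled only under `#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)`, while `OPT_TFO` in the enum, `int tfo = 0;` and `case OPT_TFO:` (the hunks at 717, 1061 and 1654) are unconditional. The neighbouring `enable_ktls` declaration, by contrast, sits inside `#ifndef OPENSSL_NO_KTLS`. On a build without TFO the case is presumably unreachable and `tfo` stays 0, which is harmless but not obvious to a reader. Since `tfo` is passed to `do_server` unconditionally, the simplest fix is a comment at the declaration, for example `int tfo = 0; /* only settable when built with TCP_FASTOPEN and without OPENSSL_NO_TFO */`.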
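Review bot: The new guard `if (tfo && socket_type != SOCK_STREAM)` in the hunk at 1685 rejects only non-stream sockets, so a stream socket that is not TCP still reaches `do_server` with `tfo` set. The context of the hunk at 2253 (`unlink_unix_path`, `unlink(host)`) suggests s_server can listen on a unix-domain path, and `protocol` is passed to `do_server` separately from `socket_type`, so a non-TCP stream protocol would also pass. What `do_server` does with the flag in those cases is not visible here. Consider also testing the family and protocol before accepting `-tfo`, for instance adding `|| socket_family == AF_UNIX` to the condition under the file's existing unix-socket guard, and wording the message as `"Can only use -tfo with TCP\n"`. The body of s_server_main continues outside the hunk.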
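Review bot: `BIO_printf(bio_s_out, "Listening for TFO\n");` in the hunk at 2253 runs before `do_server` is called, so the line is printed whether or not the listener ends up with Fast Open enabled. Whether `do_server` fails or silently falls back when the socket option is refused cannot be seen from this file-limited diff. An operator reading the output to confirm TFO would be better served by wording that matches what is known at this point, such as `"TFO requested for listener\n"`, or by emitting the message where the option is actually applied. A short comment on the call noting that the final `tfo` argument only requests TFO would also help.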