apps/s_client: Add ktls option

From openssl-3.0.0-alpha15, KTLS is turned off by default, even if KTLS feature in compilation, which makes it difficult to use KTLS through s_server/s_client, so a parameter option 'ktls' is added to enable KTLS through cmdline. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16609)
2024-12-15 21:13:38 +08:00 · 2021-09-15 11:00:50 +08:00 · 2021-09-15 11:00:50 +08:00 · e396c114eb
commit e396c114eb
parent e2ef7f1265
2 changed files with 23 additions and 0 deletions
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -467,6 +467,7 @@ typedef enum OPTION_choice {
    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
    OPT_ENABLE_PHA,
    OPT_SCTP_LABEL_BUG,
+    OPT_KTLS,
    OPT_R_ENUM, OPT_PROV_ENUM
 } OPTION_CHOICE;

@ -664,6 +665,9 @@ const OPTIONS s_client_options[] = {
    {"srp_strength", OPT_SRP_STRENGTH, 'p',
     "(deprecated) Minimal length in bits for N"},
 #endif
+#ifndef OPENSSL_NO_KTLS
+    {"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
+#endif

    OPT_R_OPTIONS,
    OPT_S_OPTIONS,
@ -888,6 +892,9 @@ int s_client_main(int argc, char **argv)
    int sctp_label_bug = 0;
 #endif
    int ignore_unexpected_eof = 0;
+#ifndef OPENSSL_NO_KTLS
+    int enable_ktls = 0;
+#endif

    FD_ZERO(&readfds);
    FD_ZERO(&writefds);
@ -1457,6 +1464,11 @@ int s_client_main(int argc, char **argv)
        case OPT_ENABLE_PHA:
            enable_pha = 1;
            break;
+        case OPT_KTLS:
+#ifndef OPENSSL_NO_KTLS
+            enable_ktls = 1;
+#endif
+            break;
        }
    }

@ -1700,6 +1712,10 @@ int s_client_main(int argc, char **argv)

    if (ignore_unexpected_eof)
        SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+#ifndef OPENSSL_NO_KTLS
+    if (enable_ktls)
+        SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS);
+#endif

    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
        BIO_printf(bio_err, "Error setting verify params\n");
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@ -116,6 +116,7 @@ B<openssl> B<s_client>
 [B<-srp_lateuser>]
 [B<-srp_moregroups>]
 [B<-srp_strength> I<number>]
+[B<-ktls>]
 {- $OpenSSL::safe::opt_name_synopsis -}
 {- $OpenSSL::safe::opt_version_synopsis -}
 {- $OpenSSL::safe::opt_x_synopsis -}
@ -765,6 +766,12 @@ Tolerate other than the known B<g> and B<N> values.
 Set the minimal acceptable length, in bits, for B<N>.  This option is
 deprecated.

+=item B<-ktls>
+
+Enable Kernel TLS for sending and receiving.
+This option was introduced in OpenSSL 3.1.0.
+Kernel TLS is off by default as of OpenSSL 3.1.0.
+
 {- $OpenSSL::safe::opt_version_item -}

 {- $OpenSSL::safe::opt_name_item -}