Skip to content

Commit

Permalink
SSL programs: improve command-line error reporting
Browse files Browse the repository at this point in the history
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)

Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
  • Loading branch information
mpg authored and gilles-peskine-arm committed Aug 23, 2023
1 parent 797cfd8 commit fc8ad27
Show file tree
Hide file tree
Showing 2 changed files with 82 additions and 34 deletions.
58 changes: 41 additions & 17 deletions programs/ssl/ssl_client2.c
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"

#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
Expand Down Expand Up @@ -839,34 +839,54 @@ int main(int argc, char *argv[])
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;

p = q = NULL;
if (argc < 1) {
usage:
if (ret == 0) {
ret = 1;
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}

mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");

list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (ret == 0) {
ret = 1;
}
mbedtls_printf("\n");
goto exit;
}

for (i = 1; i < argc; i++) {
p = argv[i];

if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}

ret = 0;
goto exit;
}

if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
Expand Down Expand Up @@ -1226,9 +1246,13 @@ int main(int argc, char *argv[])
} else if (strcmp(p, "mki") == 0) {
opt.mki = q;
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further errors are not with a single option */
p = q = NULL;

if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
Expand Down
58 changes: 41 additions & 17 deletions programs/ssl/ssl_server2.c
Original file line number Diff line number Diff line change
Expand Up @@ -535,7 +535,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"

#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
Expand Down Expand Up @@ -1532,34 +1532,54 @@ int main(int argc, char *argv[])
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.support_mki = DFL_SRTP_SUPPORT_MKI;

p = q = NULL;
if (argc < 1) {
usage:
if (ret == 0) {
ret = 1;
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}

mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");

list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (ret == 0) {
ret = 1;
}
mbedtls_printf("\n");
goto exit;
}

for (i = 1; i < argc; i++) {
p = argv[i];

if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}

ret = 0;
goto exit;
}

if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
Expand Down Expand Up @@ -1949,9 +1969,13 @@ int main(int argc, char *argv[])
} else if (strcmp(p, "support_mki") == 0) {
opt.support_mki = atoi(q);
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further erorrs are not with a single option */
p = q = NULL;

if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
Expand Down

0 comments on commit fc8ad27

Please sign in to comment.