From 5193688682e409720c1855c8b6efea1139c1514b Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Sun, 20 Feb 2011 16:05:58 +0000
Subject: [PATCH] - Added force_ciphersuite option to ssl_client2 application
---
programs/ssl/ssl_client2.c | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 7321fa55f..15a0bb0a9 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -43,6 +43,7 @@
#define DFL_DEBUG_LEVEL 0
#define DFL_CRT_FILE ""
#define DFL_KEY_FILE ""
+#define DFL_FORCE_CIPHER 0
#define GET_REQUEST "GET %s HTTP/1.0\r\n\r\n"
@@ -57,6 +58,7 @@ struct options
char *request_page; /* page on server to request */
char *crt_file; /* the file with the client certificate */
char *key_file; /* the file with the client key */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
} opt;
void my_debug( void *ctx, int level, const char *str )
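Review bot: The comment on `force_ciphersuite` ("protocol/ciphersuite to use, or all") does not explain why the field has two elements. Later hunks in this patch store one ciphersuite id in `[0]`, write 0 to `[1]` and pass the array to `ssl_set_ciphersuites()`, so it appears to be a 0-terminated list holding a single id. I would say so at the declaration: `int force_ciphersuite[2]; /* forced ciphersuite id + 0 terminator; [0] == 0 means use the defaults */`.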
@@ -77,7 +79,8 @@ void my_debug( void *ctx, int level, const char *str )
" request_page=%%s default: \".\"\n" \
" crt_file=%%s default: \"\" (pre-loaded)\n" \
" key_file=%%s default: \"\" (pre-loaded)\n" \
- "\n"
+ " force_ciphersuite= default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
int main( int argc, char *argv[] )
{
@@ -91,6 +94,7 @@ int main( int argc, char *argv[] )
rsa_context rsa;
int i, j, n;
char *p, *q;
+ const int *list;
/*
* Make sure memory references are valid.
@@ -106,6 +110,14 @@ int main( int argc, char *argv[] )
{
usage:
printf( USAGE );
+
+ list = ssl_list_ciphersuites();
+ while( *list )
+ {
+ printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ list++;
+ }
+ printf("\n");
goto exit;
}
@@ -115,6 +127,7 @@ int main( int argc, char *argv[] )
opt.request_page = DFL_REQUEST_PAGE;
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
+ opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
for( i = 1; i < argc; i++ )
{
@@ -151,6 +164,17 @@ int main( int argc, char *argv[] )
opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q;
+ else if( strcmp( p, "force_ciphersuite" ) == 0 )
+ {
+ opt.force_ciphersuite[0] = -1;
+
+ opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
+
+ if( opt.force_ciphersuite[0] <= 0 )
+ goto usage;
+
+ opt.force_ciphersuite[1] = 0;
+ }
else
goto usage;
}
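Review bot: `opt.force_ciphersuite[0] = -1;` is a dead store, because the next statement overwrites it with the result of `ssl_get_ciphersuite_id( q )`; the line can be dropped. A rejected name goes straight to `goto usage` without reporting which value was refused, so a typo in the suite name only produces the full help text. A line such as `printf( "unknown ciphersuite: %s\n", q );` before the jump would make the failure visible. The enclosing argument loop in main() starts and ends outside this hunk.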
@@ -253,7 +277,11 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+ if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
+ ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+ else
+ ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
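Review bot: The test `opt.force_ciphersuite[0] == DFL_FORCE_CIPHER` uses the default macro as the "nothing forced" sentinel, so changing DFL_FORCE_CIPHER to a real suite id later would select `ssl_default_ciphersuites` and silently ignore it. Comparing against the terminator value, `if( opt.force_ciphersuite[0] == 0 )`, matches the `<= 0` rejection in the option parser. The else branch also replaces the default list with a single suite chosen from everything `ssl_list_ciphersuites()` names, which presumably can include suites left out of the defaults on purpose. A comment above it such as `/* test aid: bypasses the default ciphersuite selection */` would record that intent. main() continues outside this hunk.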