SSL programs: improve command-line error reporting

Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)

Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-06-27 09:28:24 +02:00
parent 3eea9a461c
commit 39a0a76fcc
2 changed files with 84 additions and 36 deletions

@ -464,7 +464,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@ -951,34 +951,54 @@ int main(int argc, char *argv[])
opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
p = q = NULL;
if (argc < 1) {
usage:
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}
mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");
if (ret == 0) {
ret = 1;
}
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
goto exit;
}
for (i = 1; i < argc; i++) {
p = argv[i];
if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}
ret = 0;
goto exit;
}
if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@ -1375,9 +1395,13 @@ usage:
goto usage;
}
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further errors are not with a single option */
p = q = NULL;
if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");

@ -584,7 +584,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@ -1741,34 +1741,54 @@ int main(int argc, char *argv[])
opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
p = q = NULL;
if (argc < 1) {
usage:
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}
mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");
if (ret == 0) {
ret = 1;
}
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
goto exit;
}
for (i = 1; i < argc; i++) {
p = argv[i];
if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);
ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}
ret = 0;
goto exit;
}
if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@ -2233,9 +2253,13 @@ usage:
goto usage;
}
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further erorrs are not with a single option */
p = q = NULL;
if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");