projects
/
BearSSL
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Added support for TLS_FALLBACK_SCSV.
[BearSSL]
/
tools
/
server.c
diff --git
a/tools/server.c
b/tools/server.c
index
0af6b42
..
71cfa5d
100644
(file)
--- a/
tools/server.c
+++ b/
tools/server.c
@@
-62,7
+62,6
@@
host_bind(const char *host, const char *port, int verbose)
struct sockaddr_in6 sa6;
size_t sa_len;
void *addr;
struct sockaddr_in6 sa6;
size_t sa_len;
void *addr;
- char tmp[INET6_ADDRSTRLEN + 50];
int opt;
sa = (struct sockaddr *)p->ai_addr;
int opt;
sa = (struct sockaddr *)p->ai_addr;
@@
-86,13
+85,19
@@
host_bind(const char *host, const char *port, int verbose)
addr = NULL;
sa_len = p->ai_addrlen;
}
addr = NULL;
sa_len = p->ai_addrlen;
}
- if (addr != NULL) {
- inet_ntop(p->ai_family, addr, tmp, sizeof tmp);
- } else {
- sprintf(tmp, "<unknown family: %d>",
- (int)sa->sa_family);
- }
if (verbose) {
if (verbose) {
+ char tmp[INET6_ADDRSTRLEN + 50];
+
+ if (addr != NULL) {
+ if (!inet_ntop(p->ai_family, addr,
+ tmp, sizeof tmp))
+ {
+ strcpy(tmp, "<invalid>");
+ }
+ } else {
+ sprintf(tmp, "<unknown family: %d>",
+ (int)sa->sa_family);
+ }
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
@@
-328,6
+333,9
@@
sp_choose(const br_ssl_server_policy_class **pctx,
case BR_SSLKEYX_ECDHE_RSA:
if (pc->sk->key_type == BR_KEYTYPE_RSA) {
choices->cipher_suite = st[u][0];
case BR_SSLKEYX_ECDHE_RSA:
if (pc->sk->key_type == BR_KEYTYPE_RSA) {
choices->cipher_suite = st[u][0];
+ if (cc->eng.session.version < BR_TLS12) {
+ hash_id = 0;
+ }
choices->hash_id = hash_id;
goto choose_ok;
}
choices->hash_id = hash_id;
goto choose_ok;
}
@@
-335,6
+343,9
@@
sp_choose(const br_ssl_server_policy_class **pctx,
case BR_SSLKEYX_ECDHE_ECDSA:
if (pc->sk->key_type == BR_KEYTYPE_EC) {
choices->cipher_suite = st[u][0];
case BR_SSLKEYX_ECDHE_ECDSA:
if (pc->sk->key_type == BR_KEYTYPE_EC) {
choices->cipher_suite = st[u][0];
+ if (cc->eng.session.version < BR_TLS12) {
+ hash_id = br_sha1_ID;
+ }
choices->hash_id = hash_id;
goto choose_ok;
}
choices->hash_id = hash_id;
goto choose_ok;
}