SIGPIPE shall be ignored in most network-related cases.

[BearSSL] / tools / server.c

diff --git a/tools/server.c b/tools/server.c
index 983fbe6..c6978cf 100644 (file)
--- a/tools/server.c
+++ b/tools/server.c
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <stdint.h>
 #include <errno.h>
+#include <signal.h>
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -62,7 +63,6 @@ host_bind(const char *host, const char *port, int verbose)
                struct sockaddr_in6 sa6;
                size_t sa_len;
                void *addr;
-               char tmp[INET6_ADDRSTRLEN + 50];
                int opt;
 
                sa = (struct sockaddr *)p->ai_addr;
@@ -86,15 +86,19 @@ host_bind(const char *host, const char *port, int verbose)
                        addr = NULL;
                        sa_len = p->ai_addrlen;
                }
-               if (addr != NULL) {
-                       if (!inet_ntop(p->ai_family, addr, tmp, sizeof tmp)) {
-                               strcpy(tmp, "<invalid>");
-                       }
-               } else {
-                       sprintf(tmp, "<unknown family: %d>",
-                               (int)sa->sa_family);
-               }
                if (verbose) {
+                       char tmp[INET6_ADDRSTRLEN + 50];
+
+                       if (addr != NULL) {
+                               if (!inet_ntop(p->ai_family, addr,
+                                       tmp, sizeof tmp))
+                               {
+                                       strcpy(tmp, "<invalid>");
+                               }
+                       } else {
+                               sprintf(tmp, "<unknown family: %d>",
+                                       (int)sa->sa_family);
+                       }
                        fprintf(stderr, "binding to: %s\n", tmp);
                }
                fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
@@ -330,6 +334,9 @@ sp_choose(const br_ssl_server_policy_class **pctx,
                case BR_SSLKEYX_ECDHE_RSA:
                        if (pc->sk->key_type == BR_KEYTYPE_RSA) {
                                choices->cipher_suite = st[u][0];
+                               if (cc->eng.session.version < BR_TLS12) {
+                                       hash_id = 0;
+                               }
                                choices->hash_id = hash_id;
                                goto choose_ok;
                        }
@@ -337,6 +344,9 @@ sp_choose(const br_ssl_server_policy_class **pctx,
                case BR_SSLKEYX_ECDHE_ECDSA:
                        if (pc->sk->key_type == BR_KEYTYPE_EC) {
                                choices->cipher_suite = st[u][0];
+                               if (cc->eng.session.version < BR_TLS12) {
+                                       hash_id = br_sha1_ID;
+                               }
                                choices->hash_id = hash_id;
                                goto choose_ok;
                        }
@@ -1001,6 +1011,11 @@ do_server(int argc, char *argv[])
 
        br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
 
+       /*
+        * We need to ignore SIGPIPE.
+        */
+       signal(SIGPIPE, SIG_IGN);
+
        /*
         * Open the server socket.
         */