X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=b81ce074811421f454823d17613678daec8b05af;hp=983fbe619f36c29181697936f8d7708aaa273ac4;hb=298ce6530ef1981072716139905b625dda76d618;hpb=16d0864818cdf24e4fb1d722fe71456c03e3fc17;ds=sidebyside diff --git a/tools/server.c b/tools/server.c index 983fbe6..b81ce07 100644 --- a/tools/server.c +++ b/tools/server.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -62,7 +63,6 @@ host_bind(const char *host, const char *port, int verbose) struct sockaddr_in6 sa6; size_t sa_len; void *addr; - char tmp[INET6_ADDRSTRLEN + 50]; int opt; sa = (struct sockaddr *)p->ai_addr; @@ -86,15 +86,19 @@ host_bind(const char *host, const char *port, int verbose) addr = NULL; sa_len = p->ai_addrlen; } - if (addr != NULL) { - if (!inet_ntop(p->ai_family, addr, tmp, sizeof tmp)) { - strcpy(tmp, ""); - } - } else { - sprintf(tmp, "", - (int)sa->sa_family); - } if (verbose) { + char tmp[INET6_ADDRSTRLEN + 50]; + + if (addr != NULL) { + if (!inet_ntop(p->ai_family, addr, + tmp, sizeof tmp)) + { + strcpy(tmp, ""); + } + } else { + sprintf(tmp, "", + (int)sa->sa_family); + } fprintf(stderr, "binding to: %s\n", tmp); } fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); @@ -330,6 +334,11 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_RSA: if (pc->sk->key_type == BR_KEYTYPE_RSA) { choices->cipher_suite = st[u][0]; + if (br_ssl_engine_get_version(&cc->eng) + < BR_TLS12) + { + hash_id = 0; + } choices->hash_id = hash_id; goto choose_ok; } @@ -337,6 +346,11 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_ECDSA: if (pc->sk->key_type == BR_KEYTYPE_EC) { choices->cipher_suite = st[u][0]; + if (br_ssl_engine_get_version(&cc->eng) + < BR_TLS12) + { + hash_id = br_sha1_ID; + } choices->hash_id = hash_id; goto choose_ok; } @@ -497,7 +511,7 @@ sp_do_sign(const br_ssl_server_policy_class **pctx, hc = get_hash_impl(hash_id); if (hc == NULL) { if (pc->verbose) { - fprintf(stderr, "ERROR: cannot RSA-sign with" + fprintf(stderr, "ERROR: cannot ECDSA-sign with" " unknown hash function: %d\n", hash_id); } @@ -783,6 +797,8 @@ do_server(int argc, char *argv[]) hfuns |= x; } else if (eqstr(arg, "-serverpref")) { flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES; + } else if (eqstr(arg, "-noreneg")) { + flags |= BR_OPT_NO_RENEGOTIATION; } else { fprintf(stderr, "ERROR: unknown option: '%s'\n", arg); usage_server(); @@ -892,7 +908,7 @@ do_server(int argc, char *argv[]) suite_ids = xmalloc(num_suites * sizeof *suite_ids); br_ssl_server_zero(&cc); br_ssl_engine_set_versions(&cc.eng, vmin, vmax); - br_ssl_server_set_all_flags(&cc, flags); + br_ssl_engine_set_all_flags(&cc.eng, flags); if (vmin <= BR_TLS11) { if (!(hfuns & (1 << br_md5_ID))) { fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n"); @@ -1001,6 +1017,11 @@ do_server(int argc, char *argv[]) br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); + /* + * We need to ignore SIGPIPE. + */ + signal(SIGPIPE, SIG_IGN); + /* * Open the server socket. */