" -hf names add support for some hash functions (comma-separated)\n");
fprintf(stderr,
" -serverpref enforce server's preferences for cipher suites\n");
+ fprintf(stderr,
+" -noreneg prohibit renegotiations\n");
+ fprintf(stderr,
+" -alpn name add protocol name to list of protocols (ALPN extension)\n");
+ fprintf(stderr,
+" -strictalpn fail on ALPN mismatch\n");
exit(EXIT_FAILURE);
}
sp_do_sign
};
+void
+free_alpn(void *alpn)
+{
+ xfree(*(char **)alpn);
+}
+
/* see brssl.h */
int
do_server(int argc, char *argv[])
int cert_signer_algo;
private_key *sk;
anchor_list anchors = VEC_INIT;
+ VECTOR(const char *) alpn_names = VEC_INIT;
br_x509_minimal_context xc;
const br_hash_class *dnhash;
size_t u;
flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
} else if (eqstr(arg, "-noreneg")) {
flags |= BR_OPT_NO_RENEGOTIATION;
+ } else if (eqstr(arg, "-alpn")) {
+ if (++ i >= argc) {
+ fprintf(stderr,
+ "ERROR: no argument for '-alpn'\n");
+ usage_server();
+ goto server_exit_error;
+ }
+ VEC_ADD(alpn_names, xstrdup(argv[i]));
+ } else if (eqstr(arg, "-strictalpn")) {
+ flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH;
} else {
fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
usage_server();
&br_sslrec_in_gcm_vtable,
&br_sslrec_out_gcm_vtable);
}
+ if ((req & REQ_CHAPOL) != 0) {
+ br_ssl_engine_set_chacha20(&cc.eng,
+ &br_chacha20_ct_run);
+ br_ssl_engine_set_poly1305(&cc.eng,
+ &br_poly1305_ctmul_run);
+ br_ssl_engine_set_chapol(&cc.eng,
+ &br_sslrec_in_chapol_vtable,
+ &br_sslrec_out_chapol_vtable);
+ }
if ((req & REQ_3DESCBC) != 0) {
br_ssl_engine_set_des_cbc(&cc.eng,
&br_des_ct_cbcenc_vtable,
br_ssl_session_cache_lru_init(&lru, cache, cache_len);
br_ssl_server_set_cache(&cc, &lru.vtable);
+ if (VEC_LEN(alpn_names) != 0) {
+ br_ssl_engine_set_protocol_names(&cc.eng,
+ &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+ }
+
/*
* Set the policy handler (that chooses the actual cipher suite,
* selects the certificate chain, and runs the private key
free_certificates(chain, chain_len);
free_private_key(sk);
VEC_CLEAREXT(anchors, &free_ta_contents);
+ VEC_CLEAREXT(alpn_names, &free_alpn);
xfree(iobuf);
xfree(cache);
if (fd >= 0) {