Small documentation fixes.
diff --git
a/tools/server.c
b/tools/server.c
index
89d529b
..
b81ce07
100644
--- a/
tools/server.c
+++ b/
tools/server.c
@@
-27,6
+27,7
@@
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
+#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/socket.h>
@@
-62,7
+63,6
@@
host_bind(const char *host, const char *port, int verbose)
struct sockaddr_in6 sa6;
size_t sa_len;
void *addr;
struct sockaddr_in6 sa6;
size_t sa_len;
void *addr;
- char tmp[INET6_ADDRSTRLEN + 50];
int opt;
sa = (struct sockaddr *)p->ai_addr;
int opt;
sa = (struct sockaddr *)p->ai_addr;
@@
-86,13
+86,19
@@
host_bind(const char *host, const char *port, int verbose)
addr = NULL;
sa_len = p->ai_addrlen;
}
addr = NULL;
sa_len = p->ai_addrlen;
}
- if (addr != NULL) {
- inet_ntop(p->ai_family, addr, tmp, sizeof tmp);
- } else {
- sprintf(tmp, "<unknown family: %d>",
- (int)sa->sa_family);
- }
if (verbose) {
if (verbose) {
+ char tmp[INET6_ADDRSTRLEN + 50];
+
+ if (addr != NULL) {
+ if (!inet_ntop(p->ai_family, addr,
+ tmp, sizeof tmp))
+ {
+ strcpy(tmp, "<invalid>");
+ }
+ } else {
+ sprintf(tmp, "<unknown family: %d>",
+ (int)sa->sa_family);
+ }
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
fprintf(stderr, "binding to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
@@
-161,8
+167,8
@@
accept_client(int server_fd, int verbose)
tmp, sizeof tmp);
break;
case AF_INET6:
tmp, sizeof tmp);
break;
case AF_INET6:
- name = inet_ntop(AF_INET,
- &((struct sockaddr_in
*)&sa)->sin
_addr,
+ name = inet_ntop(AF_INET
6
,
+ &((struct sockaddr_in
6 *)&sa)->sin6
_addr,
tmp, sizeof tmp);
break;
}
tmp, sizeof tmp);
break;
}
@@
-328,6
+334,11
@@
sp_choose(const br_ssl_server_policy_class **pctx,
case BR_SSLKEYX_ECDHE_RSA:
if (pc->sk->key_type == BR_KEYTYPE_RSA) {
choices->cipher_suite = st[u][0];
case BR_SSLKEYX_ECDHE_RSA:
if (pc->sk->key_type == BR_KEYTYPE_RSA) {
choices->cipher_suite = st[u][0];
+ if (br_ssl_engine_get_version(&cc->eng)
+ < BR_TLS12)
+ {
+ hash_id = 0;
+ }
choices->hash_id = hash_id;
goto choose_ok;
}
choices->hash_id = hash_id;
goto choose_ok;
}
@@
-335,6
+346,11
@@
sp_choose(const br_ssl_server_policy_class **pctx,
case BR_SSLKEYX_ECDHE_ECDSA:
if (pc->sk->key_type == BR_KEYTYPE_EC) {
choices->cipher_suite = st[u][0];
case BR_SSLKEYX_ECDHE_ECDSA:
if (pc->sk->key_type == BR_KEYTYPE_EC) {
choices->cipher_suite = st[u][0];
+ if (br_ssl_engine_get_version(&cc->eng)
+ < BR_TLS12)
+ {
+ hash_id = br_sha1_ID;
+ }
choices->hash_id = hash_id;
goto choose_ok;
}
choices->hash_id = hash_id;
goto choose_ok;
}
@@
-495,7
+511,7
@@
sp_do_sign(const br_ssl_server_policy_class **pctx,
hc = get_hash_impl(hash_id);
if (hc == NULL) {
if (pc->verbose) {
hc = get_hash_impl(hash_id);
if (hc == NULL) {
if (pc->verbose) {
- fprintf(stderr, "ERROR: cannot
R
SA-sign with"
+ fprintf(stderr, "ERROR: cannot
ECD
SA-sign with"
" unknown hash function: %d\n",
hash_id);
}
" unknown hash function: %d\n",
hash_id);
}
@@
-637,7
+653,11
@@
do_server(int argc, char *argv[])
usage_server();
goto server_exit_error;
}
usage_server();
goto server_exit_error;
}
- iobuf_len = strtoul(arg, 0, 10);
+ iobuf_len = parse_size(arg);
+ if (iobuf_len == (size_t)-1) {
+ usage_server();
+ goto server_exit_error;
+ }
} else if (eqstr(arg, "-cache")) {
if (++ i >= argc) {
fprintf(stderr,
} else if (eqstr(arg, "-cache")) {
if (++ i >= argc) {
fprintf(stderr,
@@
-652,7
+672,11
@@
do_server(int argc, char *argv[])
usage_server();
goto server_exit_error;
}
usage_server();
goto server_exit_error;
}
- cache_len = strtoul(arg, 0, 10);
+ cache_len = parse_size(arg);
+ if (cache_len == (size_t)-1) {
+ usage_server();
+ goto server_exit_error;
+ }
} else if (eqstr(arg, "-cert")) {
if (++ i >= argc) {
fprintf(stderr,
} else if (eqstr(arg, "-cert")) {
if (++ i >= argc) {
fprintf(stderr,
@@
-773,6
+797,8
@@
do_server(int argc, char *argv[])
hfuns |= x;
} else if (eqstr(arg, "-serverpref")) {
flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
hfuns |= x;
} else if (eqstr(arg, "-serverpref")) {
flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
+ } else if (eqstr(arg, "-noreneg")) {
+ flags |= BR_OPT_NO_RENEGOTIATION;
} else {
fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
usage_server();
} else {
fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
usage_server();
@@
-882,7
+908,7
@@
do_server(int argc, char *argv[])
suite_ids = xmalloc(num_suites * sizeof *suite_ids);
br_ssl_server_zero(&cc);
br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
suite_ids = xmalloc(num_suites * sizeof *suite_ids);
br_ssl_server_zero(&cc);
br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
- br_ssl_
server_set_all_flags(&cc
, flags);
+ br_ssl_
engine_set_all_flags(&cc.eng
, flags);
if (vmin <= BR_TLS11) {
if (!(hfuns & (1 << br_md5_ID))) {
fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");
if (vmin <= BR_TLS11) {
if (!(hfuns & (1 << br_md5_ID))) {
fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");
@@
-991,6
+1017,11
@@
do_server(int argc, char *argv[])
br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
+ /*
+ * We need to ignore SIGPIPE.
+ */
+ signal(SIGPIPE, SIG_IGN);
+
/*
* Open the server socket.
*/
/*
* Open the server socket.
*/
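Review bot: The comment added above `signal(SIGPIPE, SIG_IGN);` in the last hunk of do_server() says the signal must be ignored but not why, and the reason is what a maintainer needs. Something like `/* Ignore SIGPIPE: a client that closes its socket while we are writing must produce a write error (EPIPE), not terminate the server process. */` would record it. This presumes the socket write path treats a failed write as a closed connection, which is outside the visible hunks. Separately, the new `-noreneg` branch sets `BR_OPT_NO_RENEGOTIATION`, but no hunk on this page touches usage_server(), so it is worth confirming that the help text lists the option. do_server() starts and ends outside these hunks.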