case BR_SSLKEYX_ECDHE_RSA:
if (pc->sk->key_type == BR_KEYTYPE_RSA) {
choices->cipher_suite = st[u][0];
- if (cc->eng.session.version < BR_TLS12) {
+ if (br_ssl_engine_get_version(&cc->eng)
+ < BR_TLS12)
+ {
hash_id = 0;
}
choices->hash_id = hash_id;
case BR_SSLKEYX_ECDHE_ECDSA:
if (pc->sk->key_type == BR_KEYTYPE_EC) {
choices->cipher_suite = st[u][0];
- if (cc->eng.session.version < BR_TLS12) {
+ if (br_ssl_engine_get_version(&cc->eng)
+ < BR_TLS12)
+ {
hash_id = br_sha1_ID;
}
choices->hash_id = hash_id;
hc = get_hash_impl(hash_id);
if (hc == NULL) {
if (pc->verbose) {
- fprintf(stderr, "ERROR: cannot RSA-sign with"
+ fprintf(stderr, "ERROR: cannot ECDSA-sign with"
" unknown hash function: %d\n",
hash_id);
}
hfuns |= x;
} else if (eqstr(arg, "-serverpref")) {
flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
+ } else if (eqstr(arg, "-noreneg")) {
+ flags |= BR_OPT_NO_RENEGOTIATION;
} else {
fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
usage_server();
suite_ids = xmalloc(num_suites * sizeof *suite_ids);
br_ssl_server_zero(&cc);
br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
- br_ssl_server_set_all_flags(&cc, flags);
+ br_ssl_engine_set_all_flags(&cc.eng, flags);
if (vmin <= BR_TLS11) {
if (!(hfuns & (1 << br_md5_ID))) {
fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");