X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=b81ce074811421f454823d17613678daec8b05af;hp=89d529b832d1e161046f606df4cc1d1094475a3d;hb=298ce6530ef1981072716139905b625dda76d618;hpb=6b4cd8609450f294071b38f478bec3b6b8c48ce5 diff --git a/tools/server.c b/tools/server.c index 89d529b..b81ce07 100644 --- a/tools/server.c +++ b/tools/server.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -62,7 +63,6 @@ host_bind(const char *host, const char *port, int verbose) struct sockaddr_in6 sa6; size_t sa_len; void *addr; - char tmp[INET6_ADDRSTRLEN + 50]; int opt; sa = (struct sockaddr *)p->ai_addr; @@ -86,13 +86,19 @@ host_bind(const char *host, const char *port, int verbose) addr = NULL; sa_len = p->ai_addrlen; } - if (addr != NULL) { - inet_ntop(p->ai_family, addr, tmp, sizeof tmp); - } else { - sprintf(tmp, "", - (int)sa->sa_family); - } if (verbose) { + char tmp[INET6_ADDRSTRLEN + 50]; + + if (addr != NULL) { + if (!inet_ntop(p->ai_family, addr, + tmp, sizeof tmp)) + { + strcpy(tmp, ""); + } + } else { + sprintf(tmp, "", + (int)sa->sa_family); + } fprintf(stderr, "binding to: %s\n", tmp); } fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); @@ -161,8 +167,8 @@ accept_client(int server_fd, int verbose) tmp, sizeof tmp); break; case AF_INET6: - name = inet_ntop(AF_INET, - &((struct sockaddr_in *)&sa)->sin_addr, + name = inet_ntop(AF_INET6, + &((struct sockaddr_in6 *)&sa)->sin6_addr, tmp, sizeof tmp); break; } @@ -328,6 +334,11 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_RSA: if (pc->sk->key_type == BR_KEYTYPE_RSA) { choices->cipher_suite = st[u][0]; + if (br_ssl_engine_get_version(&cc->eng) + < BR_TLS12) + { + hash_id = 0; + } choices->hash_id = hash_id; goto choose_ok; } @@ -335,6 +346,11 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_ECDSA: if (pc->sk->key_type == BR_KEYTYPE_EC) { choices->cipher_suite = st[u][0]; + if (br_ssl_engine_get_version(&cc->eng) + < BR_TLS12) + { + hash_id = br_sha1_ID; + } choices->hash_id = hash_id; goto choose_ok; } @@ -495,7 +511,7 @@ sp_do_sign(const br_ssl_server_policy_class **pctx, hc = get_hash_impl(hash_id); if (hc == NULL) { if (pc->verbose) { - fprintf(stderr, "ERROR: cannot RSA-sign with" + fprintf(stderr, "ERROR: cannot ECDSA-sign with" " unknown hash function: %d\n", hash_id); } @@ -637,7 +653,11 @@ do_server(int argc, char *argv[]) usage_server(); goto server_exit_error; } - iobuf_len = strtoul(arg, 0, 10); + iobuf_len = parse_size(arg); + if (iobuf_len == (size_t)-1) { + usage_server(); + goto server_exit_error; + } } else if (eqstr(arg, "-cache")) { if (++ i >= argc) { fprintf(stderr, @@ -652,7 +672,11 @@ do_server(int argc, char *argv[]) usage_server(); goto server_exit_error; } - cache_len = strtoul(arg, 0, 10); + cache_len = parse_size(arg); + if (cache_len == (size_t)-1) { + usage_server(); + goto server_exit_error; + } } else if (eqstr(arg, "-cert")) { if (++ i >= argc) { fprintf(stderr, @@ -773,6 +797,8 @@ do_server(int argc, char *argv[]) hfuns |= x; } else if (eqstr(arg, "-serverpref")) { flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES; + } else if (eqstr(arg, "-noreneg")) { + flags |= BR_OPT_NO_RENEGOTIATION; } else { fprintf(stderr, "ERROR: unknown option: '%s'\n", arg); usage_server(); @@ -882,7 +908,7 @@ do_server(int argc, char *argv[]) suite_ids = xmalloc(num_suites * sizeof *suite_ids); br_ssl_server_zero(&cc); br_ssl_engine_set_versions(&cc.eng, vmin, vmax); - br_ssl_server_set_all_flags(&cc, flags); + br_ssl_engine_set_all_flags(&cc.eng, flags); if (vmin <= BR_TLS11) { if (!(hfuns & (1 << br_md5_ID))) { fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n"); @@ -991,6 +1017,11 @@ do_server(int argc, char *argv[]) br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); + /* + * We need to ignore SIGPIPE. + */ + signal(SIGPIPE, SIG_IGN); + /* * Open the server socket. */