X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=ea247ab0c0217ef5cda2b17adba60106a3f305c3;hp=9424bf542033f8b8df46f9b4f1e3ecea485738ae;hb=e8ccee8bcdae80cdf74c6d7327f1c7572589fae3;hpb=f3ac21cb00646600475b02ecd2c592ee36e417da diff --git a/tools/server.c b/tools/server.c index 9424bf5..ea247ab 100644 --- a/tools/server.c +++ b/tools/server.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -333,6 +334,9 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_RSA: if (pc->sk->key_type == BR_KEYTYPE_RSA) { choices->cipher_suite = st[u][0]; + if (cc->eng.session.version < BR_TLS12) { + hash_id = 0; + } choices->hash_id = hash_id; goto choose_ok; } @@ -340,6 +344,9 @@ sp_choose(const br_ssl_server_policy_class **pctx, case BR_SSLKEYX_ECDHE_ECDSA: if (pc->sk->key_type == BR_KEYTYPE_EC) { choices->cipher_suite = st[u][0]; + if (cc->eng.session.version < BR_TLS12) { + hash_id = br_sha1_ID; + } choices->hash_id = hash_id; goto choose_ok; } @@ -786,6 +793,8 @@ do_server(int argc, char *argv[]) hfuns |= x; } else if (eqstr(arg, "-serverpref")) { flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES; + } else if (eqstr(arg, "-noreneg")) { + flags |= BR_OPT_NO_RENEGOTIATION; } else { fprintf(stderr, "ERROR: unknown option: '%s'\n", arg); usage_server(); @@ -895,7 +904,7 @@ do_server(int argc, char *argv[]) suite_ids = xmalloc(num_suites * sizeof *suite_ids); br_ssl_server_zero(&cc); br_ssl_engine_set_versions(&cc.eng, vmin, vmax); - br_ssl_server_set_all_flags(&cc, flags); + br_ssl_engine_set_all_flags(&cc.eng, flags); if (vmin <= BR_TLS11) { if (!(hfuns & (1 << br_md5_ID))) { fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n"); @@ -1004,6 +1013,11 @@ do_server(int argc, char *argv[]) br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); + /* + * We need to ignore SIGPIPE. + */ + signal(SIGPIPE, SIG_IGN); + /* * Open the server socket. */