summaryrefslogtreecommitdiff
path: root/util/net_help.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/net_help.c')
-rw-r--r--util/net_help.c32
1 files changed, 31 insertions, 1 deletions
diff --git a/util/net_help.c b/util/net_help.c
index 7f6daab4a1b4..49ce677f4aa0 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -329,6 +329,26 @@ void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone,
str, namebuf, family, dest, (int)port);
}
+void log_err_addr(const char* str, const char* err,
+ struct sockaddr_storage* addr, socklen_t addrlen)
+{
+ uint16_t port;
+ char dest[100];
+ int af = (int)((struct sockaddr_in*)addr)->sin_family;
+ void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
+ if(af == AF_INET6)
+ sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr;
+ if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
+ (void)strlcpy(dest, "(inet_ntop error)", sizeof(dest));
+ }
+ dest[sizeof(dest)-1] = 0;
+ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
+ if(verbosity >= 4)
+ log_err("%s: %s for %s port %d (len %d)", str, err, dest,
+ (int)port, (int)addrlen);
+ else log_err("%s: %s for %s", str, err, dest);
+}
+
int
sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1,
struct sockaddr_storage* addr2, socklen_t len2)
@@ -593,12 +613,17 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
log_crypto_err("could not SSL_CTX_new");
return NULL;
}
- /* no SSLv2 because has defects */
+ /* no SSLv2, SSLv3 because has defects */
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
log_crypto_err("could not set SSL_OP_NO_SSLv2");
SSL_CTX_free(ctx);
return NULL;
}
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv3");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
log_err("error for cert file: %s", pem);
log_crypto_err("error in SSL_CTX use_certificate_file");
@@ -648,6 +673,11 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
SSL_CTX_free(ctx);
return NULL;
}
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
+ log_crypto_err("could not set SSL_OP_NO_SSLv3");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
if(key && key[0]) {
if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
log_err("error in client certificate %s", pem);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-05 22:12:29 +0000