10 files changed, 57 insertions, 19 deletions
diff --git a/vchat-client.c b/vchat-client.c
index a22df94..92d1905 100644
--- a/vchat-client.c
+++ b/vchat-client.c
@@ -343,8 +343,13 @@ void cleanup(int signal) {
  /* inform user if we where killed by signal */
  if (signal > 1) {
    fprintf(stderr, "vchat-client: terminated with signal %d.\n", signal);
-  } else if (errstr[0])
+    if (!loggedin)
+      dumpconnect();
+  } else if (errstr[0]) {
    fputs(errstr, stderr);
+    if (!loggedin)
+      dumpconnect();
+  }
  /* end of story */
  exit(0);
 }
diff --git a/vchat-connection.c b/vchat-connection.c
index dea69d0..d0abc0d 100644
--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -166,7 +166,7 @@ int vc_connect(const char *server, const char *port) {
 #endif
 #ifdef TLS_LIB_MBEDTLS
  if (_engine == TLS_ENGINE_MBEDTLS)
-    result = vc_mbedtls_connect(serverfd, &vc_store);
+    result = vc_mbedtls_connect(server, serverfd, &vc_store);
 #endif
  vc_cleanup_x509store(&vc_store);
diff --git a/vchat-connection.h b/vchat-connection.h
index 766dc0a..84294f6 100644
--- a/vchat-connection.h
+++ b/vchat-connection.h
@@ -5,7 +5,7 @@
 int vc_connect(const char *host, const char *port);
 void vc_sendmessage(const char *message);
 int vc_receive();
-int vc_poll();
+int vc_poll(int);
 void vc_disconnect();
 const char *vchat_tls_version_external();
diff --git a/vchat-keygen b/vchat-keygen
index 91fcbba..4163838 100755
--- a/vchat-keygen
+++ b/vchat-keygen
@@ -29,7 +29,8 @@ if [ ! -e $KEYBASE.key ]; then
   echo "vchat-keygen: generating RSA key $KEYBASE.key"
   echo "vchat-keygen: please set passphrase for local security"
   umask 0077
-   openssl genrsa -des3 -out $KEYBASE.key 4096
+   openssl ecparam -genkey -name secp384r1 | \
+   openssl ec -out $KEYBASE.key -aes256
 else
   echo "vchat-keygen: private key $KEYBASE.key exists"
 fi
@@ -40,11 +41,11 @@ fi
         echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
         cat >$KEYBASE.ca.keyconf <<EOT
 [ req ]
-default_bits                    = 4096
 default_keyfile                 = user.key
 distinguished_name              = req_distinguished_name
 string_mask                     = nombstr
 req_extensions                  = v3_req
+default_md                      = sha384
 [ req_distinguished_name ]
 commonName                      = Name
 commonName_max                  = 64
@@ -57,7 +58,7 @@ EOT
      fi
      echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
                echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt"
-      openssl req -new -sha1 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
+      openssl req -new -sha256 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
                echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to
                vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will
                receive your signed Certificate shortly."
diff --git a/vchat-protocol.c b/vchat-protocol.c
index ac65639..c5021e4 100644
--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -235,6 +235,7 @@ static void justloggedin(char *message) {
    loadcfg(getstroption(CF_LOGINSCRIPT), 0, handleline);
    handleline(".S");
    loggedin = 1;
+    flushconnect();
  }
 }
diff --git a/vchat-tls.c b/vchat-tls.c
index eaa12f4..e230487 100644
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -475,7 +475,7 @@ static void vc_tls_report_error(int error, char *message) {
  writecf(FS_ERR, tmpstr);
 }
-int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
+int vc_mbedtls_connect(const char *servername, int serverfd, vc_x509store_t *vc_store) {
  /* Some aliases for shorter references */
  mbedstate *s = &_mbedtls_state;
  mbedtls_ssl_config *conf = &_mbedtls_state._conf;
@@ -510,7 +510,7 @@ int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
  char *ciphers = getstroption(CF_CIPHERSUITE);
  if (!ciphers)
-    ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
+    ciphers = "TLS1-3-AES-256-GCM-SHA384:TLS1-3-AES-128-GCM-SHA256:TLS1-3-AES-128-CCM-SHA256:TLS1-3-AES-128-CCM-8-SHA256:TLS1-3-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
  ciphers = strdup(ciphers);
  for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;
       token = strtok(NULL, ":")) {
@@ -601,7 +601,7 @@ int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
        ret, "Can not configure parameters on tls context, mbedtls reports: ");
    return -1;
  }
-  /* TODO: mbedtls_ssl_set_hostname(&ssl, SERVER_NAME) */
+  mbedtls_ssl_set_hostname(ssl, strdup(servername));
  mbedtls_ssl_set_bio(ssl, (void *)(intptr_t)serverfd, static_tcp_send,
                      static_tcp_recv, NULL);
diff --git a/vchat-tls.h b/vchat-tls.h
index 5399820..60856e2 100644
--- a/vchat-tls.h
+++ b/vchat-tls.h
@@ -26,7 +26,7 @@ void vc_cleanup_x509store(vc_x509store_t *s);
 #if !defined(TLS_LIB_OPENSSL) && !defined(TLS_LIB_MBEDTLS)
 #error                                                                         \
-    "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select exactly one."
+    "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select at least one."
 #endif
 #ifdef TLS_LIB_OPENSSL
@@ -40,7 +40,7 @@ char *vc_openssl_version();
 #ifdef TLS_LIB_MBEDTLS
 void vc_mbedtls_init_x509store(vc_x509store_t *);
-int vc_mbedtls_connect(int serverfd, vc_x509store_t *);
+int vc_mbedtls_connect(const char* servername, int serverfd, vc_x509store_t *);
 ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size);
 ssize_t vc_mbedtls_receivemessage(void *buf, size_t size);
 void vc_mbedtls_cleanup();
diff --git a/vchat-ui.c b/vchat-ui.c
index bb33287..90c7e9a 100644
--- a/vchat-ui.c
+++ b/vchat-ui.c
@@ -91,6 +91,7 @@ struct sb_data {
 static struct sb_data *sb_pub = NULL;
 static struct sb_data *sb_priv = NULL;
 static struct sb_data *sb_out = NULL;
+static struct sb_data *sb_connect = NULL;
 /* Tells, which window is active */
 static int sb_win = 0; /* 0 for pub, 1 for priv */
@@ -304,20 +305,24 @@ static void sb_flush(struct sb_data *sb) {
  struct sb_entry *now = sb->entries, *prev = NULL, *tmp;
  while (now) {
    tmp = (struct sb_entry *)((unsigned long)prev ^ (unsigned long)now->link);
+    prev = now;
    free(now->what);
    free(now);
-    prev = now;
    now = tmp;
  }
  sb->entries = NULL;
+  sb->last = NULL;
+  sb->count = 0;
+  sb->scroll = 0;
 }
-/*static void
+/*
-sb_clear ( struct sb_data **sb ) {
+static void sb_clear ( struct sb_data **sb ) {
  sb_flush(*sb);
  free( *sb );
  *sb = NULL;
-}*/
+}
+*/
 static struct sb_entry *sb_add(struct sb_data *sb, const char *line,
                               time_t when) {
@@ -393,7 +398,8 @@ int writecf(formtstr id, char *str) {
  struct sb_entry *tmp;
  int i = 0;
  time_t now = time(NULL);
-  snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str);
+  if (snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str) < 0)
+    return 0;
  tmp = sb_add(sb_pub, tmpstr, now);
  if ((sb_pub->scroll == sb_pub->count) &&
@@ -407,9 +413,27 @@ int writecf(formtstr id, char *str) {
  else
    consoleline(NULL);
+  if (!loggedin)
+    sb_add(sb_connect, str, now);
  return i;
 }
+void dumpconnect() {
+  struct sb_entry *now = sb_connect->entries, *prev = NULL, *tmp;
+  while (now) {
+    tmp = (struct sb_entry *)((unsigned long)prev ^ (unsigned long)now->link);
+    fputs(now->what, stderr);
+    fputc(10, stderr);
+    prev = now;
+    now = tmp;
+  }
+}
+void flushconnect() {
+  sb_flush(sb_connect);
+}
 int writepriv(char *str, int maybeep) {
  int i = 0;
  if (private) {
@@ -1222,6 +1246,7 @@ void initui(void) {
  /* Prepare our scrollback buffers */
  sb_pub = (struct sb_data *)malloc(sizeof(struct sb_data));
  sb_out = (struct sb_data *)malloc(sizeof(struct sb_data));
+  sb_connect = (struct sb_data *)malloc(sizeof(struct sb_data));
  if (privheight)
    sb_priv = (struct sb_data *)malloc(sizeof(struct sb_data));
  else
@@ -1230,6 +1255,7 @@ void initui(void) {
  memset(sb_pub, 0, sizeof(struct sb_data));
  memset(sb_priv, 0, sizeof(struct sb_data));
  memset(sb_out, 0, sizeof(struct sb_data));
+  memset(sb_connect, 0, sizeof(struct sb_data));
  /* set colors for windows */
  if (has_colors()) {
@@ -1344,15 +1370,17 @@ void consoleline(char *message) {
    char date[10];
    time_t now = time(NULL);
    strftime(date, sizeof(date), getformatstr(FS_CONSOLETIME), localtime(&now));
-    snprintf(tmpstr, TMPSTRSIZE, "%s%s", date, consolestr);
+    if (snprintf(tmpstr, TMPSTRSIZE, "%s%s", date, consolestr) < 0)
+        return;
    mvwaddnstr(console, 0, 0, tmpstr, getmaxx(console) - 1);
  } else {
    mvwaddnstr(console, 0, 0, message ? message : consolestr,
               getmaxx(console) - 1);
  }
-  snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_SBINF), sb_pub->scroll,
+  if (snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_SBINF), sb_pub->scroll,
-           sb_pub->count);
+           sb_pub->count) < 0)
+    return;
  mvwaddstr(console, 0, getmaxx(console) - 1 - (strlen(tmpstr) - 1), tmpstr);
  if (sb_win == 0)
    mvwaddch(console, 0, getmaxx(console) - 1, '*');
diff --git a/vchat.h b/vchat.h
index 412566a..3fdbb37 100644
--- a/vchat.h
+++ b/vchat.h
@@ -195,6 +195,9 @@ void flushout(void);
  }
 void hideout(void);
 int writecf(formtstr id, char *str);
+/*   dumps aggregated connect output in case of a connection error */
+void dumpconnect();
+void flushconnect();
 extern int outputcountdown;
diff --git a/vchatrc.ex b/vchatrc.ex
index c66d1f9..c66d1f9 100755..100644
--- a/vchatrc.ex
+++ b/vchatrc.ex