authortb <>2022-06-29 20:04:28 +0000
committertb <>2022-06-29 20:04:28 +0000
commit3fea5b8f156b0f6938854f06889198450a477b37 (patch)
tree18f3d12e5373f95fffa5674634fc8a75e8f914ab /src/lib/libssl/ssl_lib.c
parentfc8a9f3799769566fe4b424c43a81a1a71f91328 (diff)
Parse the @SECLEVEL=n annotation in cipher strings
To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c11
1 files changed, 6 insertions, 5 deletions
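--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.293 2022/06/29 17:39:20 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.294 2022/06/29 20:04:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -226,7 +226,8 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 ctx->method = meth;
 
 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST);
+ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
+ctx->internal->cert);
 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
 return (0);
@@ -1547,7 +1548,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 * ctx->cipher_list has been updated.
 */
 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-ctx->internal->cipher_list_tls13, str);
+ctx->internal->cipher_list_tls13, str, ctx->internal->cert);
 if (ciphers == NULL) {
 return (0);
 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
@@ -1582,7 +1583,7 @@ SSL_set_cipher_list(SSL *s, const char *str)
 
 /* See comment in SSL_CTX_set_cipher_list. */
 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
-ciphers_tls13, str);
+ciphers_tls13, str, s->cert);
 if (ciphers == NULL) {
 return (0);
 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
@@ -2011,7 +2012,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
 goto err;
 
 ssl_create_cipher_list(ret->method, &ret->cipher_list,
-NULL, SSL_DEFAULT_CIPHER_LIST);
+NULL, SSL_DEFAULT_CIPHER_LIST, ret->internal->cert);
 if (ret->cipher_list == NULL ||
 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);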
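Review bot: Passing the SSL_CERT into ssl_create_cipher_list() turns cipher-string parsing into something that also writes the security level into the cert, but the failure paths in SSL_CTX_set_cipher_list (new lines 1552-1554) and SSL_set_cipher_list (new lines 1587-1589) still treat a NULL result as "nothing changed", which matches the comment ending at line 1548-1549 that only ctx->cipher_list is updated on success. Whether a string like "@SECLEVEL=3:BOGUS" can leave the cert's level raised or lowered while the cipher list is unchanged depends on where the callee applies the annotation relative to validating the rest of the string, and that is not visible in this hunk; the callee should be confirmed to apply the level only once the whole string parsed, since a half-applied level is a silent policy change on a call the caller believes failed. If that ordering is guaranteed, a one-line note at each call site would save the next reader the trip: `/* Also applies any @SECLEVEL=n in str to the cert's security level. */`. The four enclosing functions (SSL_CTX_set_ssl_version, SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_new) all start and end outside the hunks shown.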