diff options
| author | jsing <> | 2014-09-29 15:31:38 +0000 |
|---|---|---|
| committer | jsing <> | 2014-09-29 15:31:38 +0000 |
| commit | d6e71b083fa61b1862bf1a93af6a8628d87a3c72 (patch) | |
| tree | ede825387bedc401b11c74d25733718e1c84df5e /src/lib | |
| parent | 0211c1396ff6d4dc401cabef56c2af3202f043f9 (diff) | |
| download | openbsd-d6e71b083fa61b1862bf1a93af6a8628d87a3c72.tar.gz openbsd-d6e71b083fa61b1862bf1a93af6a8628d87a3c72.tar.bz2 openbsd-d6e71b083fa61b1862bf1a93af6a8628d87a3c72.zip | |
Move cipher configuration handling to the shared SSL configuration function
so that applies to both the ressl client and server.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libressl/ressl.c | 13 | ||||
| -rw-r--r-- | src/lib/libressl/ressl_server.c | 10 |
2 files changed, 13 insertions, 10 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index 516afa53d6..b85fe04415 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ressl.c,v 1.15 2014/09/29 15:11:29 jsing Exp $ */ | 1 | /* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -182,7 +182,18 @@ ressl_configure_ssl(struct ressl *ctx) | |||
| 182 | if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0) | 182 | if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0) |
| 183 | SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2); | 183 | SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2); |
| 184 | 184 | ||
| 185 | if (ctx->config->ciphers != NULL) { | ||
| 186 | if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, | ||
| 187 | ctx->config->ciphers) != 1) { | ||
| 188 | ressl_set_error(ctx, "failed to set ciphers"); | ||
| 189 | goto err; | ||
| 190 | } | ||
| 191 | } | ||
| 192 | |||
| 185 | return (0); | 193 | return (0); |
| 194 | |||
| 195 | err: | ||
| 196 | return (-1); | ||
| 186 | } | 197 | } |
| 187 | 198 | ||
| 188 | void | 199 | void |
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c index e2dc7cf088..33ac8fc33d 100644 --- a/src/lib/libressl/ressl_server.c +++ b/src/lib/libressl/ressl_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ressl_server.c,v 1.8 2014/09/29 15:11:29 jsing Exp $ */ | 1 | /* $OpenBSD: ressl_server.c,v 1.9 2014/09/29 15:31:38 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -62,14 +62,6 @@ ressl_configure_server(struct ressl *ctx) | |||
| 62 | if (ressl_configure_keypair(ctx) != 0) | 62 | if (ressl_configure_keypair(ctx) != 0) |
| 63 | goto err; | 63 | goto err; |
| 64 | 64 | ||
| 65 | if (ctx->config->ciphers != NULL) { | ||
| 66 | if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, | ||
| 67 | ctx->config->ciphers) != 1) { | ||
| 68 | ressl_set_error(ctx, "failed to set ciphers"); | ||
| 69 | goto err; | ||
| 70 | } | ||
| 71 | } | ||
| 72 | |||
| 73 | if (ctx->config->ecdhcurve != NID_undef) { | 65 | if (ctx->config->ecdhcurve != NID_undef) { |
| 74 | if ((ecdh_key = EC_KEY_new_by_curve_name( | 66 | if ((ecdh_key = EC_KEY_new_by_curve_name( |
| 75 | ctx->config->ecdhcurve)) == NULL) { | 67 | ctx->config->ecdhcurve)) == NULL) { |