From d6e71b083fa61b1862bf1a93af6a8628d87a3c72 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 29 Sep 2014 15:31:38 +0000 Subject: Move cipher configuration handling to the shared SSL configuration function so that applies to both the ressl client and server. --- src/lib/libressl/ressl.c | 13 ++++++++++++- src/lib/libressl/ressl_server.c | 10 +--------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index 516afa53d6..b85fe04415 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl.c,v 1.15 2014/09/29 15:11:29 jsing Exp $ */ +/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -182,7 +182,18 @@ ressl_configure_ssl(struct ressl *ctx) if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0) SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2); + if (ctx->config->ciphers != NULL) { + if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, + ctx->config->ciphers) != 1) { + ressl_set_error(ctx, "failed to set ciphers"); + goto err; + } + } + return (0); + +err: + return (-1); } void diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c index e2dc7cf088..33ac8fc33d 100644 --- a/src/lib/libressl/ressl_server.c +++ b/src/lib/libressl/ressl_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl_server.c,v 1.8 2014/09/29 15:11:29 jsing Exp $ */ +/* $OpenBSD: ressl_server.c,v 1.9 2014/09/29 15:31:38 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -62,14 +62,6 @@ ressl_configure_server(struct ressl *ctx) if (ressl_configure_keypair(ctx) != 0) goto err; - if (ctx->config->ciphers != NULL) { - if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, - ctx->config->ciphers) != 1) { - ressl_set_error(ctx, "failed to set ciphers"); - goto err; - } - } - if (ctx->config->ecdhcurve != NID_undef) { if ((ecdh_key = EC_KEY_new_by_curve_name( ctx->config->ecdhcurve)) == NULL) { -- cgit v1.2.3-55-g6feb