From d6e71b083fa61b1862bf1a93af6a8628d87a3c72 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 29 Sep 2014 15:31:38 +0000
Subject: Move cipher configuration handling to the shared SSL configuration
 function so that applies to both the ressl client and server.

---
 src/lib/libressl/ressl.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/lib/libressl/ressl.c')

diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index 516afa53d6..b85fe04415 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.15 2014/09/29 15:11:29 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -182,7 +182,18 @@ ressl_configure_ssl(struct ressl *ctx)
 	if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0)
 		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
 
+	if (ctx->config->ciphers != NULL) {
+		if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
+		    ctx->config->ciphers) != 1) {
+			ressl_set_error(ctx, "failed to set ciphers");
+			goto err;
+		}
+	}
+
 	return (0);
+
+err:
+	return (-1);
 }
 
 void
-- 
cgit v1.2.3-55-g6feb