diff options
author | Nils Larsch <nils@openssl.org> | 2005-06-10 19:51:16 +0000 |
---|---|---|
committer | Nils Larsch <nils@openssl.org> | 2005-06-10 19:51:16 +0000 |
commit | cac0d4ee6fc8e47a87a521b54fea1411c005e9a5 (patch) | |
tree | 175addf79c59e0e0beada087b8215f818121e205 /ssl/ssl_lib.c | |
parent | 428759b3d4c75a1009cfba88d6458015108f3f90 (diff) |
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d716d97c54..25efa29a57 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1153,8 +1153,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, &ctx->cipher_list_by_id,str); -/* XXXX */ - return((sk == NULL)?0:1); + /* ssl_create_cipher_list may return an empty stack if it + * was unable to find a cipher matching the given rule string + * (for example if the rule string specifies a cipher which + * has been disabled). This is not an error as far as + * ssl_create_cipher_list is concerned, and hence + * ctx->cipher_list and ctx->cipher_list_by_id has been + * updated. */ + if (sk == NULL) + return 0; + else if (sk_SSL_CIPHER_num(sk) == 0) + { + SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + return 0; + } + return 1; } /** specify the ciphers to be used by the SSL */ @@ -1164,8 +1177,15 @@ int SSL_set_cipher_list(SSL *s,const char *str) sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, &s->cipher_list_by_id,str); -/* XXXX */ - return((sk == NULL)?0:1); + /* see comment in SSL_CTX_set_cipher_list */ + if (sk == NULL) + return 0; + else if (sk_SSL_CIPHER_num(sk) == 0) + { + SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + return 0; + } + return 1; } /* works well for SSLv2, not so good for SSLv3 */ @@ -1377,8 +1397,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ret->default_passwd_callback=0; ret->default_passwd_callback_userdata=NULL; ret->client_cert_cb=0; - ret->app_gen_cookie_cb=0; - ret->app_verify_cookie_cb=0; + ret->app_gen_cookie_cb=0; + ret->app_verify_cookie_cb=0; ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), LHASH_COMP_FN(SSL_SESSION_cmp)); |