diff options
author | Matt Caswell <matt@openssl.org> | 2020-11-20 17:23:57 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-23 09:31:23 +0000 |
commit | a68eee679a4b85f6846519412e1895c56475959c (patch) | |
tree | 820c23d80703597540634c1579a3549a27f0bba5 /ssl/ssl_lib.c | |
parent | 97485aec7f16714f309aeb6637bc4faa2f61f98a (diff) |
Move some libssl global variables into SSL_CTX
disabled_enc_mask et al were global. Now that cipher loading is done
individually for each SSL_CTX, based on the libctx configured for that
SSL_CTX this means that some things will be disabled for one SSL_CTX but
not for another. The global variables set up the potential for different
SSL_CTXs to trample on each other. We move these variables into the SSL_CTX
structure.
Fixes #12040
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13465)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 09702e81c3..d14d5819ba 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -656,7 +656,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; } - sk = ssl_create_cipher_list(ctx->method, + sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -2701,7 +2701,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; - sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, + sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, &ctx->cipher_list, &ctx->cipher_list_by_id, str, ctx->cert); /* @@ -2725,7 +2725,7 @@ int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; - sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites, + sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, &s->cipher_list, &s->cipher_list_by_id, str, s->cert); /* see comment in SSL_CTX_set_cipher_list */ @@ -3190,7 +3190,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) goto err; - if (!ssl_create_cipher_list(ret->method, + if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, OSSL_default_cipher_list(), ret->cert) |