generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: do not directly access SSL_ImplementedCiphers[]

Browse Source 
It causes dynamic linking issues at run-time after an update of NSS.

Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
This commit is contained in:
Kamil Dudka 2015-09-04 14:35:36 +02:00
parent a60bde79f9
commit 7380433d6a
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/vtls/nss.c
View File

@ -211,16 +211,22 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
PRBool found; PRBool found;
char *cipher; char *cipher;
/* use accessors to avoid dynamic linking issues after an update of NSS */
const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
if(!implemented_ciphers)
return SECFailure;
/* First disable all ciphers. This uses a different max value in case /* First disable all ciphers. This uses a different max value in case
* NSS adds more ciphers later we don't want them available by * NSS adds more ciphers later we don't want them available by
* accident * accident
*/ */
for(i=0; i<SSL_NumImplementedCiphers; i++) { for(i = 0; i < num_implemented_ciphers; i++) {
SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE); SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
} }
/* Set every entry in our list to false */ /* Set every entry in our list to false */
for(i=0; i<NUM_OF_CIPHERS; i++) { for(i = 0; i < NUM_OF_CIPHERS; i++) {
cipher_state[i] = PR_FALSE; cipher_state[i] = PR_FALSE;
} }