generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: do not fail if NSS does not implement a cipher

Browse Source 
... that the user does not ask for
This commit is contained in:
Kamil Dudka 2014-01-29 12:55:36 +01:00
parent 53940f8834
commit e15e73b741
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/vtls/nss.c
View File

@ -191,14 +191,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
PRBool cipher_state[NUM_OF_CIPHERS]; PRBool cipher_state[NUM_OF_CIPHERS];
PRBool found; PRBool found;
char *cipher; char *cipher;
SECStatus rv;
/* First disable all ciphers. This uses a different max value in case /* First disable all ciphers. This uses a different max value in case
* NSS adds more ciphers later we don't want them available by * NSS adds more ciphers later we don't want them available by
* accident * accident
*/ */
for(i=0; i<SSL_NumImplementedCiphers; i++) { for(i=0; i<SSL_NumImplementedCiphers; i++) {
SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED); SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
} }
/* Set every entry in our list to false */ /* Set every entry in our list to false */
@ -238,8 +237,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
/* Finally actually enable the selected ciphers */ /* Finally actually enable the selected ciphers */
for(i=0; i<NUM_OF_CIPHERS; i++) { for(i=0; i<NUM_OF_CIPHERS; i++) {
rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]); if(!cipher_state[i])
if(rv != SECSuccess) { continue;
if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name); failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
return SECFailure; return SECFailure;
} }