- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an

error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
This commit is contained in:
Nils Larsch
2005-06-10 19:51:16 +00:00
parent 428759b3d4
commit cac0d4ee6f
4 changed files with 53 additions and 56 deletions

View File

@@ -1153,8 +1153,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
&ctx->cipher_list_by_id,str);
/* XXXX */
return((sk == NULL)?0:1);
/* ssl_create_cipher_list may return an empty stack if it
* was unable to find a cipher matching the given rule string
* (for example if the rule string specifies a cipher which
* has been disabled). This is not an error as far as
* ssl_create_cipher_list is concerned, and hence
* ctx->cipher_list and ctx->cipher_list_by_id has been
* updated. */
if (sk == NULL)
return 0;
else if (sk_SSL_CIPHER_num(sk) == 0)
{
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
}
return 1;
}
/** specify the ciphers to be used by the SSL */
@@ -1164,8 +1177,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
&s->cipher_list_by_id,str);
/* XXXX */
return((sk == NULL)?0:1);
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
return 0;
else if (sk_SSL_CIPHER_num(sk) == 0)
{
SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
}
return 1;
}
/* works well for SSLv2, not so good for SSLv3 */
@@ -1377,8 +1397,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
ret->default_passwd_callback=0;
ret->default_passwd_callback_userdata=NULL;
ret->client_cert_cb=0;
ret->app_gen_cookie_cb=0;
ret->app_verify_cookie_cb=0;
ret->app_gen_cookie_cb=0;
ret->app_verify_cookie_cb=0;
ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
LHASH_COMP_FN(SSL_SESSION_cmp));