* Implement a call to SSL_CTX_set_cipher_list() to allow the use of an OpenSSL cipher...
authorArt Cancro <ajc@citadel.org>
Wed, 23 Sep 2009 20:50:44 +0000 (20:50 +0000)
committerArt Cancro <ajc@citadel.org>
Wed, 23 Sep 2009 20:50:44 +0000 (20:50 +0000)
webcit/crypto.c

index 8f89948a13c85c2bb37b4995afe4208472bf76a0..0545b7260fa31c2217f074352c3d9ac7ebec30d4 100644 (file)
@@ -14,6 +14,7 @@
 #define CTDL_CSR_PATH          file_crpt_file_csr
 #define CTDL_CER_PATH          file_crpt_file_cer
 #define SIGN_DAYS              3650                    /* how long our certificate should live */
+#define WEBCIT_CIPHER_LIST     "DEFAULT"               /* See http://openssl.org/docs/apps/ciphers.html */
 
 SSL_CTX *ssl_ctx;              /* SSL context */
 pthread_mutex_t **SSLCritters; /* Things needing locking */
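Review bot: The new macro fixes the cipher policy at compile time, so any tightening of it later means a rebuild rather than a configuration change, and the comment should say what the value actually means. "DEFAULT" delegates suite selection to whatever the linked OpenSSL build treats as its default, which varies with the library version, so a reader cannot tell from this line which suites will be offered. A more informative comment would be `#define WEBCIT_CIPHER_LIST "DEFAULT" /* OpenSSL's built-in default selection; narrow this (and rebuild) if a stricter suite policy is required; see http://openssl.org/docs/apps/ciphers.html */`.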
@@ -91,11 +92,16 @@ void init_ssl(void)
        SSL_load_error_strings();
        ssl_method = SSLv23_server_method();
        if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
-               lprintf(3, "SSL_CTX_new failed: %s\n",
-                       ERR_reason_error_string(ERR_get_error()));
+               lprintf(3, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
                return;
        }
 
+       if (!(SSL_CTX_set_cipher_list(ssl_ctx, WEBCIT_CIPHER_LIST))) {
+               lprintf(3, "SSL_CTX_set_cipher_list failed: %s\n", ERR_reason_error_string(ERR_get_error()));
+               return;
+       }
+
+
        CRYPTO_set_locking_callback(ssl_lock);
        CRYPTO_set_id_callback(id_callback);
 
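Review bot: When SSL_CTX_set_cipher_list() fails, the new block returns while `ssl_ctx` still holds the context allocated by SSL_CTX_new() a few lines above, so the global stays non-NULL with no cipher policy applied and the SSL_CTX is never released. Whether other code treats a non-NULL `ssl_ctx` as "TLS is ready" is not visible in this hunk, but releasing it avoids that question: add `SSL_CTX_free(ssl_ctx); ssl_ctx = NULL;` before the `return;`. The added log line also passes `ERR_reason_error_string(ERR_get_error())` straight to `%s`, which is NULL when the error queue is empty; the same pre-existing pattern is used on the SSL_CTX_new failure path, so a shared guard such as a small helper that substitutes "unknown" for NULL would fix both. The two consecutive blank lines after the new block should be collapsed to one to match the surrounding spacing. init_ssl() starts before this hunk and continues after it.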
@@ -151,7 +157,7 @@ void init_ssl(void)
                                                        NULL    /* no callbk */
                                ) != 1) {
                                        lprintf(3, "Cannot write key: %s\n",
-                                               ERR_reason_error_string(ERR_get_error()));
+                                               ERR_reason_error_string(ERR_get_error()));
                                        unlink(CTDL_KEY_PATH);
                                }
                                fclose(fp);