projects
/
citadel.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8debb73
)
* Implement a call to SSL_CTX_set_cipher_list() to allow the use of an OpenSSL cipher...
author
Art Cancro
<ajc@citadel.org>
Wed, 23 Sep 2009 20:50:44 +0000
(20:50 +0000)
committer
Art Cancro
<ajc@citadel.org>
Wed, 23 Sep 2009 20:50:44 +0000
(20:50 +0000)
webcit/crypto.c
patch
|
blob
|
history
diff --git
a/webcit/crypto.c
b/webcit/crypto.c
index 8f89948a13c85c2bb37b4995afe4208472bf76a0..0545b7260fa31c2217f074352c3d9ac7ebec30d4 100644
(file)
--- a/
webcit/crypto.c
+++ b/
webcit/crypto.c
@@
-14,6
+14,7
@@
#define CTDL_CSR_PATH file_crpt_file_csr
#define CTDL_CER_PATH file_crpt_file_cer
#define SIGN_DAYS 3650 /* how long our certificate should live */
#define CTDL_CSR_PATH file_crpt_file_csr
#define CTDL_CER_PATH file_crpt_file_cer
#define SIGN_DAYS 3650 /* how long our certificate should live */
+#define WEBCIT_CIPHER_LIST "DEFAULT" /* See http://openssl.org/docs/apps/ciphers.html */
SSL_CTX *ssl_ctx; /* SSL context */
pthread_mutex_t **SSLCritters; /* Things needing locking */
SSL_CTX *ssl_ctx; /* SSL context */
pthread_mutex_t **SSLCritters; /* Things needing locking */
@@
-91,11
+92,16
@@
void init_ssl(void)
SSL_load_error_strings();
ssl_method = SSLv23_server_method();
if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
SSL_load_error_strings();
ssl_method = SSLv23_server_method();
if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
- lprintf(3, "SSL_CTX_new failed: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ lprintf(3, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
return;
}
return;
}
+ if (!(SSL_CTX_set_cipher_list(ssl_ctx, WEBCIT_CIPHER_LIST))) {
+ lprintf(3, "SSL_CTX_set_cipher_list failed: %s\n", ERR_reason_error_string(ERR_get_error()));
+ return;
+ }
+
+
CRYPTO_set_locking_callback(ssl_lock);
CRYPTO_set_id_callback(id_callback);
CRYPTO_set_locking_callback(ssl_lock);
CRYPTO_set_id_callback(id_callback);
@@
-151,7
+157,7
@@
void init_ssl(void)
NULL /* no callbk */
) != 1) {
lprintf(3, "Cannot write key: %s\n",
NULL /* no callbk */
) != 1) {
lprintf(3, "Cannot write key: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ ERR_reason_error_string(ERR_get_error()));
unlink(CTDL_KEY_PATH);
}
fclose(fp);
unlink(CTDL_KEY_PATH);
}
fclose(fp);