ssl ciphers had to be set to its old value of

"ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
instead of
"DEFAULT"
even though the latter works just fine in WebCit, works just fine
in all protocols on the development host, but causes all sorts of
chaos on Uncensored.  I don't know why.

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 56bd7cc486ae10ff7ddd2ef545285f9e7ebfd8e3..a899be7c6cfc38f9d9f051c67b4eff23f7cc356b 100644 (file)
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -207,7 +207,7 @@ void generate_certificate(char *keyfilename, char *certfilename) {
 
        X509_free(certificate);
        EVP_PKEY_free(public_key);
-       // RSA_free(private_key);                               // private_key is freed by EVP_PKEY_free() above
+       // do not RSA_free(private_key); because it was freed by EVP_PKEY_free() above
 }