wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssl_create_cipher_list should return an error if no cipher could be

Browse source 
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.

PR: 836 + 1005
This commit is contained in:
Nils Larsch 2005-06-08 21:19:14 +00:00
parent dffdb56b7f
commit cbed917fee
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
ssl/ssl_ciph.c
View file

@ -740,9 +740,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (!found)
break; /* ignore this entry */
algorithms |= ca_list[j]->algorithms;
algorithms |= (ca_list[j]->algorithms & ~mask) |
(ca_list[j]->algorithms & algorithms & mask);
mask |= ca_list[j]->mask;
algo_strength |= ca_list[j]->algo_strength;
algo_strength |= (ca_list[j]->algo_strength & ~mask_strength) |
(ca_list[j]->algo_strength & algorithms & mask_strength);
mask_strength |= ca_list[j]->mask_strength;
if (!multi) break;
@ -910,6 +912,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
}
OPENSSL_free(co_list); /* Not needed any longer */
/* if no ciphers where selected let's return NULL */
if (sk_SSL_CIPHER_num(cipherstack) == 0)
{
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
/*
* The following passage is a little bit odd. If pointer variables