summaryrefslogtreecommitdiffstats
path: root/src/openvpn/ssl.c
diff options
context:
space:
mode:
authorSteffan Karger <steffan@karger.me>2014-01-03 21:03:02 +0100
committerGert Doering <gert@greenie.muc.de>2014-01-05 18:35:18 +0100
commite83313a8ba92684a660c9d78c536699f67dcdf63 (patch)
tree1351cddb1a2e06952723273f3eedc2ef31c59609 /src/openvpn/ssl.c
parent69e03f4cd4971c8748faa83be45c89694d4b7a51 (diff)
downloadopenvpn-e83313a8ba92684a660c9d78c536699f67dcdf63.tar.gz
openvpn-e83313a8ba92684a660c9d78c536699f67dcdf63.tar.xz
openvpn-e83313a8ba92684a660c9d78c536699f67dcdf63.zip
Make tls_ctx_restrict_ciphers accept NULL as char *cipher_list.
This adds some ifs to check for NULL in tls_ctx_restrict_ciphers() to prepare for disabling export ciphers by default in OpenVPN 2.4+. Also let tls_ctx_restrict_ciphers always be called, also when *cipher_list is NULL. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <52C8922E.3030607@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8173 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r--src/openvpn/ssl.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index bd19d75..93222c4 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -543,10 +543,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
}
/* Allowable ciphers */
- if (options->cipher_list)
- {
- tls_ctx_restrict_ciphers(new_ctx, options->cipher_list);
- }
+ tls_ctx_restrict_ciphers(new_ctx, options->cipher_list);
#ifdef ENABLE_CRYPTO_POLARSSL
/* Personalise the random by mixing in the certificate */
generated by cgit (git 2.34.1) at 2024-05-06 01:08:58 +0000