diff options
author | Steffan Karger <steffan@karger.me> | 2014-07-03 23:47:45 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-07-07 22:29:08 +0200 |
commit | 29ed605c2a91e85bc9905cf2968e900cb3969095 (patch) | |
tree | 0b9644da25e7105e75533bd4196b6cf1c4657d6d /src | |
parent | b2bff9fa15695f2850999688b0ca6047016fd7f5 (diff) | |
download | openvpn-29ed605c2a91e85bc9905cf2968e900cb3969095.tar.gz openvpn-29ed605c2a91e85bc9905cf2968e900cb3969095.tar.xz openvpn-29ed605c2a91e85bc9905cf2968e900cb3969095.zip |
Don't issue warning for 'translate to self' tls-ciphers
All cipher suite names supplied through --tls-cipher are translated by
OpenVPN to IANA names, to get OpenSSL and PolarSSL configuration files
compatible. OpenSSL however supports cipher suite group names, like
'DEFAULT', 'HIGH', or 'ECDH'. To make OpenVPN not complain about these,
entries translating these to themselves were added to the translation
table. However, to make OpenVPN not still complain, the deprecated-name
check has to be reversed from 'if this is a deprecated name then complain'
to 'if this is not a iana name, then complain'. Which this commit does.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1404424065-24787-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8824
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl_openssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index c9d2d26..adf3ae6 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -270,7 +270,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) current_cipher_len = strlen(current_cipher); if (end_of_cipher - begin_of_cipher == current_cipher_len && - 0 == memcmp (&ciphers[begin_of_cipher], cipher_pair->openssl_name, end_of_cipher - begin_of_cipher)) + 0 != memcmp (&ciphers[begin_of_cipher], cipher_pair->iana_name, + end_of_cipher - begin_of_cipher)) { // Non-IANA name used, show warning msg (M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name); |