From e83313a8ba92684a660c9d78c536699f67dcdf63 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Fri, 3 Jan 2014 21:03:02 +0100 Subject: Make tls_ctx_restrict_ciphers accept NULL as char *cipher_list. This adds some ifs to check for NULL in tls_ctx_restrict_ciphers() to prepare for disabling export ciphers by default in OpenVPN 2.4+. Also let tls_ctx_restrict_ciphers always be called, also when *cipher_list is NULL. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <52C8922E.3030607@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8173 Signed-off-by: Gert Doering
---
src/openvpn/ssl_backend.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/openvpn/ssl_backend.h')
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 54383fe..a6fc3bd 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -167,8 +167,9 @@ void tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags);
 /**
  * Restrict the list of ciphers that can be used within the TLS context.
  *
- * @param ctx TLS context to restrict
- * @param ciphers String containing : delimited cipher names.
+ * @param ctx TLS context to restrict, must be valid.
+ * @param ciphers String containing : delimited cipher names, or NULL to use
+ * sane defaults.
  */
 void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
-- cgit
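Review bot: The new `@param ciphers` text says NULL selects "sane defaults" without saying what those defaults are, so the security-relevant half of the contract stays undocumented in the header that specifies this function. The commit message ties the change to disabling export ciphers by default, so the comment could state that intent, for example `or NULL to apply the backend's built-in default cipher restrictions.` It should also say whether every SSL backend is expected to apply an equivalent default; the implementations are not visible in this hunk, so that needs confirming against them. The `ctx` wording "must be valid" could be made precise in the same way, e.g. `must be non-NULL and initialised`, if that is what the implementations actually assert.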