From e83313a8ba92684a660c9d78c536699f67dcdf63 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Fri, 3 Jan 2014 21:03:02 +0100 Subject: Make tls_ctx_restrict_ciphers accept NULL as char *cipher_list. This adds some ifs to check for NULL in tls_ctx_restrict_ciphers() to prepare for disabling export ciphers by default in OpenVPN 2.4+. Also let tls_ctx_restrict_ciphers always be called, also when *cipher_list is NULL. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <52C8922E.3030607@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8173 Signed-off-by: Gert Doering
---
src/openvpn/ssl_openssl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/openvpn/ssl_openssl.c')
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 08327a1..7ad7eab 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -217,6 +217,13 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) {
+ if (ciphers == NULL)
+ {
+ /* Nothing to do */
+ return;
+ }
+
+ /* Parse supplied cipher list and pass on to OpenSSL */
size_t begin_of_cipher, end_of_cipher;
const char *current_cipher;
@@ -1272,8 +1279,7 @@ show_available_tls_ciphers (const char *cipher_list)
if (!ssl) msg (M_SSLERR, "Cannot create SSL object");
- if (cipher_list)
- tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
+ tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
printf ("Available TLS Ciphers,\n");
printf ("listed in order of preference:\n\n");
-- cgit
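Review bot: The `/* Nothing to do */` comment on the new NULL branch of tls_ctx_restrict_ciphers() hides the security-relevant effect of returning early: no restriction is applied, so presumably whatever cipher list the TLS library ships as its default stays in force for this context. I would spell that out, e.g. `/* No list given: keep the library's default cipher list */`, so that a later change to the default policy knows this is the branch to touch. Separately, the early return now sits in front of the `size_t begin_of_cipher, end_of_cipher;` and `const char *current_cipher;` declarations, which mixes statements and declarations and will not build with a C89-only compiler; placing the NULL check after the last declaration keeps the behaviour the same. The function body continues past the end of the hunk, so any further declarations are not visible here.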