mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 15:32:35 +00:00
Corrected order of OpenSSL set_cipher_list and use_certificate_chain_file
parent
40350ecc79
commit
5034b941bf
2 changed files with 21 additions and 15 deletions
6
CHANGES
|
@ -189,6 +189,12 @@ Corrections:
|
|||
detect byte order in procan
|
||||
Test: EXEC_SIGINT
|
||||
|
||||
OpenSSL cipherlist option did not override global openssl.cnf settings.
|
||||
Now SSL_CTX_set_cipher_list() is called before
|
||||
SSL_CTX_use_certificate_chain_file().
|
||||
Thanks to Hiroshi Sakurai for reporting the problem and suggesting this
|
||||
solution.
|
||||
|
||||
Coding:
|
||||
Introduced groups_t instead of uint32_t, for more flexibility.
|
||||
|
||||
|
|
|
@ -1393,6 +1393,21 @@ cont_out:
|
|||
#endif
|
||||
}
|
||||
|
||||
/* set pre openssl-connect options */
|
||||
/* SSL_CIPHERS */
|
||||
if (ci_str != NULL) {
|
||||
if (sycSSL_CTX_set_cipher_list(ctx, ci_str) <= 0) {
|
||||
if (ERR_peek_error() == 0)
|
||||
Error1("SSL_set_cipher_list(, \"%s\") failed", ci_str);
|
||||
while (err = ERR_get_error()) {
|
||||
Error2("SSL_set_cipher_list(, \"%s\"): %s",
|
||||
ci_str, ERR_error_string(err, NULL));
|
||||
}
|
||||
/*Error("SSL_new()");*/
|
||||
return STAT_RETRYLATER;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt_cert) {
|
||||
BIO *bio;
|
||||
DH *dh;
|
||||
|
@ -1438,21 +1453,6 @@ cont_out:
|
|||
}
|
||||
}
|
||||
|
||||
/* set pre openssl-connect options */
|
||||
/* SSL_CIPHERS */
|
||||
if (ci_str != NULL) {
|
||||
if (sycSSL_CTX_set_cipher_list(ctx, ci_str) <= 0) {
|
||||
if (ERR_peek_error() == 0)
|
||||
Error1("SSL_set_cipher_list(, \"%s\") failed", ci_str);
|
||||
while (err = ERR_get_error()) {
|
||||
Error2("SSL_set_cipher_list(, \"%s\"): %s",
|
||||
ci_str, ERR_error_string(err, NULL));
|
||||
}
|
||||
/*Error("SSL_new()");*/
|
||||
return STAT_RETRYLATER;
|
||||
}
|
||||
}
|
||||
|
||||
if (*opt_ver) {
|
||||
sycSSL_CTX_set_verify(ctx,
|
||||
SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
|
|
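Review bot: The relocated SSL_CIPHERS block carries no comment saying that it must now run before the certificate chain is loaded, so the ordering this commit depends on is recorded only in CHANGES, and a later reshuffle of the option handling could silently bring back the case where the user's cipher restriction is not applied. A line such as `/* keep before SSL_CTX_use_certificate_chain_file(): the cipher list must be set first, see CHANGES */` above `if (ci_str != NULL) {` would pin it. In the same block the messages name `SSL_set_cipher_list` although the call is `sycSSL_CTX_set_cipher_list(ctx, ci_str)`, which makes the log misleading, and `while (err = ERR_get_error())` would read better as `while ((err = ERR_get_error()) != 0)`. The enclosing function starts and ends outside the hunk.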