diff options
author | Tim Taubert <ttaubert@mozilla.com> | 2016-03-11 11:52:04 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2016-03-11 11:52:04 +0100 |
commit | f83759faedaff3ec275ac5bfb2e71a5cdc84c605 (patch) | |
tree | 48582892e21db6fef3b9da5883b51bdad679b14e /cmd/vfyserv | |
parent | 4a18517e2130ec789aed957e3f9ffafd30f04075 (diff) | |
download | nss-hg-f83759faedaff3ec275ac5bfb2e71a5cdc84c605.tar.gz |
Bug 1228555 - Remove support for SSLv2 r=mt,wtc,ekr
Diffstat (limited to 'cmd/vfyserv')
-rw-r--r-- | cmd/vfyserv/vfyserv.c | 13 | ||||
-rw-r--r-- | cmd/vfyserv/vfyserv.h | 1 | ||||
-rw-r--r-- | cmd/vfyserv/vfyutil.c | 11 |
3 files changed, 7 insertions, 18 deletions
diff --git a/cmd/vfyserv/vfyserv.c b/cmd/vfyserv/vfyserv.c index 6ee22489a..3dd255274 100644 --- a/cmd/vfyserv/vfyserv.c +++ b/cmd/vfyserv/vfyserv.c @@ -41,8 +41,8 @@ #define RD_BUF_SIZE (60 * 1024) -extern int ssl2CipherSuites[]; extern int ssl3CipherSuites[]; +extern int numSSL3CipherSuites; GlobalThreadMgr threadMGR; char *certNickname = NULL; @@ -507,12 +507,11 @@ main(int argc, char **argv) disableAllSSLCiphers(); while (0 != (ndx = *cipherString++)) { - int cipher; + int cipher = 0; if (ndx == ':') { int ctmp = 0; - cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) cipher |= (ctmp << 12); cipherString++; @@ -526,12 +525,12 @@ main(int argc, char **argv) cipher |= ctmp; cipherString++; } else { - const int *cptr; if (! isalpha(ndx)) Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; + ndx = tolower(ndx) - 'a'; + if (ndx < numSSL3CipherSuites) { + cipher = ssl3CipherSuites[ndx]; + } } if (cipher > 0) { SSL_CipherPrefSetDefault(cipher, PR_TRUE); diff --git a/cmd/vfyserv/vfyserv.h b/cmd/vfyserv/vfyserv.h index ce3ae4873..a7a2067c1 100644 --- a/cmd/vfyserv/vfyserv.h +++ b/cmd/vfyserv/vfyserv.h @@ -38,7 +38,6 @@ /* Declare SSL cipher suites. */ extern int cipherSuites[]; -extern int ssl2CipherSuites[]; extern int ssl3CipherSuites[]; /* Data buffer read from a socket. */ diff --git a/cmd/vfyserv/vfyutil.c b/cmd/vfyserv/vfyutil.c index 686c7b13f..64561462e 100644 --- a/cmd/vfyserv/vfyutil.c +++ b/cmd/vfyserv/vfyutil.c @@ -14,16 +14,6 @@ extern void dumpCertChain(CERTCertificate *, SECCertUsage); /* Declare SSL cipher suites. */ -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ - 0 -}; - int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ @@ -53,6 +43,7 @@ int ssl3CipherSuites[] = { TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; +int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites); /************************************************************************** ** |