author | Nils Larsch <nils@openssl.org> | 2005-06-08 21:13:52 +0000 |
---|---|---|
committer | Nils Larsch <nils@openssl.org> | 2005-06-08 21:13:52 +0000 |
commit | 4e2a0e58f238a5706d971ea1e467242bf94e3f2c (patch) | |
tree | e98961dc347547917b2078a9445316d7566b6d58 /ssl/ssl_ciph.c | |
parent | 39d29195a7c6fe7394137ea543d19edd28465de9 (diff) | |
ssl_create_cipher_list should return an error if no cipher could be
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr
PR: 836 + 1005
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index fa4ba89990..038412a92c 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -740,9 +740,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 if (!found) break; /* ignore this entry */
- algorithms |= ca_list[j]->algorithms;
+ algorithms |= (ca_list[j]->algorithms & ~mask) |
+ (ca_list[j]->algorithms & algorithms & mask);
 mask |= ca_list[j]->mask;
- algo_strength |= ca_list[j]->algo_strength;
+ algo_strength |= (ca_list[j]->algo_strength & ~mask_strength) |
+ (ca_list[j]->algo_strength & algorithms & mask_strength);
 mask_strength |= ca_list[j]->mask_strength;
 if (!multi) break;
@@ -910,6 +912,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 }
 }
 OPENSSL_free(co_list); /* Not needed any longer */
+ /* if no ciphers where selected let's return NULL */
+ if (sk_SSL_CIPHER_num(cipherstack) == 0)
+ {
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
 /*
 * The following passage is a little bit odd. If pointer variables |
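Review bot: The second term of the added `algo_strength` update masks with `algorithms` instead of `algo_strength`, in `(ca_list[j]->algo_strength & algorithms & mask_strength)`, which mixes two different bitfields and looks like a copy-paste slip from the assignment above it; the parallel form would be `(ca_list[j]->algo_strength & algo_strength & mask_strength);`. Separately, both updates are `|=`, so the intersection term can only re-add bits that are already set, and a "cipher1+cipher2" rule cannot narrow the accumulated selection where the masks overlap; if narrowing is the intent, the old value has to be masked before OR-ing. Because these values decide which suites a rule string enables, a test that combines a strength alias with an algorithm alias and checks the resulting list would be worth adding. The enclosing loop and function start and end outside the hunk.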
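Review bot: The new comment in the ssl_create_cipher_list hunk has a typo ("where" for "were") and does not say what state the caller is left in on this early return. As far as the hunk shows, the function returns before the passage that follows, so any list the caller already holds presumably stays in effect, and a caller that ignores the NULL keeps running with its previous ciphers. I would reword it to `/* no cipher matched: fail with NULL; the caller's existing list is not replaced */`, after confirming that against the code below the hunk. The function body begins and ends outside the hunk.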