Changeset 5078 for pjproject


Ignore:
Timestamp:
Apr 23, 2015 10:18:52 AM (6 years ago)
Author:
ming
Message:

Fixed #1846: Update to use 'HIGH' ciphers as default in OpenSSL

Location:
pjproject/trunk/pjlib
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjlib/include/pj/config.h

    r5076 r5078  
    872872#ifndef PJ_SSL_SOCK_MAX_CIPHERS 
    873873#  define PJ_SSL_SOCK_MAX_CIPHERS   256 
     874#endif 
     875 
     876 
     877/** 
     878 * Specify what should be set as the available list of SSL_CIPHERs. For 
     879 * example, set this as "DEFAULT" to use the default cipher list (Note: 
     880 * PJSIP release 2.4 and before used this "DEFAULT" setting). 
     881 * 
     882 * Default: "HIGH:-COMPLEMENTOFDEFAULT" 
     883 */ 
     884#ifndef PJ_SSL_SOCK_OSSL_CIPHERS 
     885#  define PJ_SSL_SOCK_OSSL_CIPHERS   "HIGH:-COMPLEMENTOFDEFAULT" 
    874886#endif 
    875887 
  • pjproject/trunk/pjlib/include/pj/ssl_sock.h

    r4973 r5078  
    749749    /** 
    750750     * Number of ciphers contained in the specified cipher preference.  
    751      * If this is set to zero, then default cipher list of the backend  
    752      * will be used. 
     751     * If this is set to zero, then the cipher list used will be determined 
     752     * by the backend default (for OpenSSL backend, setting  
     753     * PJ_SSL_SOCK_OSSL_CIPHERS will be used). 
    753754     */ 
    754755    unsigned ciphers_num; 
  • pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

    r5076 r5078  
    784784    int j, ret; 
    785785 
    786     if (ssock->param.ciphers_num == 0) 
     786    if (ssock->param.ciphers_num == 0) { 
     787        ret = SSL_set_cipher_list(ssock->ossl_ssl, PJ_SSL_SOCK_OSSL_CIPHERS); 
     788        if (ret < 1) { 
     789            return GET_SSL_STATUS(ssock); 
     790        }     
     791         
    787792        return PJ_SUCCESS; 
     793    } 
    788794 
    789795    pj_strset(&cipher_list, buf, 0); 
     
    806812 
    807813                /* Check buffer size */ 
    808                 if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 > sizeof(buf)) { 
     814                if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 > 
     815                    sizeof(buf)) 
     816                { 
    809817                    pj_assert(!"Insufficient temporary buffer for cipher"); 
    810818                    return PJ_ETOOMANY; 
Note: See TracChangeset for help on using the changeset viewer.