Context Navigation

Changeset 5078 for pjproject

Timestamp:

Apr 23, 2015 10:18:52 AM (9 years ago)

Author:

ming

Message:

Fixed #1846: Update to use 'HIGH' ciphers as default in OpenSSL

Location:

pjproject/trunk/pjlib

Files:

-                      r5076
+                      r5078
 #ifndef PJ_SSL_SOCK_MAX_CIPHERS
 #  define PJ_SSL_SOCK_MAX_CIPHERS   256
+#endif
+/**
+ * Specify what should be set as the available list of SSL_CIPHERs. For
+ * example, set this as "DEFAULT" to use the default cipher list (Note:
+ * PJSIP release 2.4 and before used this "DEFAULT" setting).
+ *
+ * Default: "HIGH:-COMPLEMENTOFDEFAULT"
+ */
+#ifndef PJ_SSL_SOCK_OSSL_CIPHERS
+#  define PJ_SSL_SOCK_OSSL_CIPHERS   "HIGH:-COMPLEMENTOFDEFAULT"
 #endif

-                      r4973
+                      r5078
     /**
      * Number of ciphers contained in the specified cipher preference.
+     * If this is set to zero, then default cipher list of the backend
+     * will be used.
+     * If this is set to zero, then the cipher list used will be determined
+     * by the backend default (for OpenSSL backend, setting
+     * PJ_SSL_SOCK_OSSL_CIPHERS will be used).
      */
     unsigned ciphers_num;

-                      r5076
+                      r5078
     int j, ret;
+    if (ssock->param.ciphers_num == 0)
+    if (ssock->param.ciphers_num == 0) {
+        ret = SSL_set_cipher_list(ssock->ossl_ssl, PJ_SSL_SOCK_OSSL_CIPHERS);
+        if (ret < 1) {
+            return GET_SSL_STATUS(ssock);
+        }
         return PJ_SUCCESS;
+    }
     pj_strset(&cipher_list, buf, 0);
 …
                 /* Check buffer size */
+                if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 > sizeof(buf)) {
+                if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 >
+                    sizeof(buf))
+                {
                     pj_assert(!"Insufficient temporary buffer for cipher");
                     return PJ_ETOOMANY;

Note: See TracChangeset for help on using the changeset viewer.