author | Liong Sauw Ming <ming@teluu.com> | 2015-04-23 10:18:52 +0000 |
---|---|---|
committer | Liong Sauw Ming <ming@teluu.com> | 2015-04-23 10:18:52 +0000 |
commit | 606180e833ddb27238df07125b59166db9f019ff (patch) | |
tree | 534ddaf37e2c51630545ac2694e8122dbdf487bf /pjlib | |
parent | 5ff7a55927d627a06e7643d2009f9fa1c57c50af (diff) |
Fixed #1846: Update to use 'HIGH' ciphers as default in OpenSSL
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5078 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib')
-rw-r--r-- | pjlib/include/pj/config.h | 12 | ||||
-rw-r--r-- | pjlib/include/pj/ssl_sock.h | 5 | ||||
-rw-r--r-- | pjlib/src/pj/ssl_sock_ossl.c | 12 |
3 files changed, 25 insertions, 4 deletions
diff --git a/pjlib/include/pj/config.h b/pjlib/include/pj/config.h index cad816e8..bd27e01a 100644 --- a/pjlib/include/pj/config.h +++ b/pjlib/include/pj/config.h @@ -875,6 +875,18 @@ /** + * Specify what should be set as the available list of SSL_CIPHERs. For + * example, set this as "DEFAULT" to use the default cipher list (Note: + * PJSIP release 2.4 and before used this "DEFAULT" setting). + * + * Default: "HIGH:-COMPLEMENTOFDEFAULT" + */ +#ifndef PJ_SSL_SOCK_OSSL_CIPHERS +# define PJ_SSL_SOCK_OSSL_CIPHERS "HIGH:-COMPLEMENTOFDEFAULT" +#endif + + +/** * Disable WSAECONNRESET error for UDP sockets on Win32 platforms. See * https://trac.pjsip.org/repos/ticket/1197. * diff --git a/pjlib/include/pj/ssl_sock.h b/pjlib/include/pj/ssl_sock.h index 2d66b325..172943da 100644 --- a/pjlib/include/pj/ssl_sock.h +++ b/pjlib/include/pj/ssl_sock.h @@ -748,8 +748,9 @@ typedef struct pj_ssl_sock_param /** * Number of ciphers contained in the specified cipher preference. - * If this is set to zero, then default cipher list of the backend - * will be used. + * If this is set to zero, then the cipher list used will be determined + * by the backend default (for OpenSSL backend, setting + * PJ_SSL_SOCK_OSSL_CIPHERS will be used). */ unsigned ciphers_num; diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 07e81d1a..de54844d 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -783,8 +783,14 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) unsigned i; int j, ret; - if (ssock->param.ciphers_num == 0) + if (ssock->param.ciphers_num == 0) { + ret = SSL_set_cipher_list(ssock->ossl_ssl, PJ_SSL_SOCK_OSSL_CIPHERS); + if (ret < 1) { + return GET_SSL_STATUS(ssock); + } + return PJ_SUCCESS; + } pj_strset(&cipher_list, buf, 0); 
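Review bot: The new comment for PJ_SSL_SOCK_OSSL_CIPHERS in config.h does not say when the value is used or what happens when it selects nothing. Going by the ssl_sock_ossl.c hunk in this commit, it applies only when `ciphers_num` is zero, and a rejected string makes set_cipher_list return an error, so I would add `* The string is passed as-is to SSL_set_cipher_list() and is used only when pj_ssl_sock_param.ciphers_num is zero; a string that matches no cipher makes SSL socket setup fail.` It is also worth a sentence that in OpenSSL cipher-string syntax `-` only removes suites until a later entry re-adds them, whereas `!` excludes them permanently. An integrator who appends to the default instead of replacing it may want `!COMPLEMENTOFDEFAULT`.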
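Review bot: In set_cipher_list, the new `ciphers_num == 0` branch returns `GET_SSL_STATUS(ssock)` on failure without recording which cipher string was rejected. PJ_SSL_SOCK_OSSL_CIPHERS can be overridden at build time, so a mistyped override surfaces only as a generic SSL status at socket setup; a log line naming the string just before the return would make it diagnosable. GET_SSL_STATUS is defined outside this hunk, so please confirm it cannot yield PJ_SUCCESS when `ret < 1`, because that would leave the socket on the library's own default list without any error. The branch also needs a comment, e.g. `/* No application cipher preference: apply the build-time default list */`. The function body starts and continues outside the hunk.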
@@ -805,7 +811,9 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) c_name = SSL_CIPHER_get_name(c); /* Check buffer size */ - if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 > sizeof(buf)) { + if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 > + sizeof(buf)) + { pj_assert(!"Insufficient temporary buffer for cipher"); return PJ_ETOOMANY; } |