diff options
| author | Liong Sauw Ming <ming@teluu.com> | 2015-04-23 02:42:49 +0000 |
|---|---|---|
| committer | Liong Sauw Ming <ming@teluu.com> | 2015-04-23 02:42:49 +0000 |
| commit | a21885c3133c2f35be44dfcd14fb2023b1d60c89 (patch) | |
| tree | 04231ae5d45b4e42d01a74bbe044c226ccb05b81 /pjlib | |
| parent | 21f84b3fc05ba3e820001bc9d7234b72ace47a8a (diff) | |
Fixed #1845: Add support if OpenSSL library has more than 100 cipher suites
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5076 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib')
| -rw-r--r-- | pjlib/include/pj/config.h | 10 | ||||
| -rw-r--r-- | pjlib/src/pj/ssl_sock_ossl.c | 9 | ||||
| -rw-r--r-- | pjlib/src/pjlib-test/ssl_sock.c | 2 |
3 files changed, 14 insertions, 7 deletions
diff --git a/pjlib/include/pj/config.h b/pjlib/include/pj/config.h index 67659191..cad816e8 100644 --- a/pjlib/include/pj/config.h +++ b/pjlib/include/pj/config.h @@ -865,6 +865,16 @@ /** + * Define the maximum number of ciphers supported by the secure socket. + * + * Default: 256 + */ +#ifndef PJ_SSL_SOCK_MAX_CIPHERS +# define PJ_SSL_SOCK_MAX_CIPHERS 256 +#endif + + +/** * Disable WSAECONNRESET error for UDP sockets on Win32 platforms. See * https://trac.pjsip.org/repos/ticket/1197. * diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 4915a18c..07e81d1a 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -39,9 +39,6 @@ /* Workaround for ticket #985 */ #define DELAYED_CLOSE_TIMEOUT 200 -/* Maximum ciphers */ -#define MAX_CIPHERS 100 - /* * Include OpenSSL headers */ @@ -296,7 +293,7 @@ static unsigned openssl_cipher_num; static struct openssl_ciphers_t { pj_ssl_cipher id; const char *name; -} openssl_ciphers[MAX_CIPHERS]; +} openssl_ciphers[PJ_SSL_SOCK_MAX_CIPHERS]; /* OpenSSL application data index */ static int sslsock_idx; @@ -345,7 +342,7 @@ static pj_status_t init_openssl(void) pj_assert(meth); ctx=SSL_CTX_new(meth); - SSL_CTX_set_cipher_list(ctx, "ALL"); + SSL_CTX_set_cipher_list(ctx, "ALL:COMPLEMENTOFALL"); ssl = SSL_new(ctx); sk_cipher = SSL_get_ciphers(ssl); @@ -792,7 +789,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) pj_strset(&cipher_list, buf, 0); /* Set SSL with ALL available ciphers */ - SSL_set_cipher_list(ssock->ossl_ssl, "ALL"); + SSL_set_cipher_list(ssock->ossl_ssl, "ALL:COMPLEMENTOFALL"); /* Generate user specified cipher list in OpenSSL format */ sk_cipher = SSL_get_ciphers(ssock->ossl_ssl); diff --git a/pjlib/src/pjlib-test/ssl_sock.c b/pjlib/src/pjlib-test/ssl_sock.c index 4ebf9979..92fffd86 100644 --- a/pjlib/src/pjlib-test/ssl_sock.c +++ b/pjlib/src/pjlib-test/ssl_sock.c @@ -40,7 +40,7 @@ struct send_key { static int get_cipher_list(void) { pj_status_t status; - pj_ssl_cipher ciphers[100]; + pj_ssl_cipher ciphers[PJ_SSL_SOCK_MAX_CIPHERS]; unsigned cipher_num; unsigned i; |