From a21885c3133c2f35be44dfcd14fb2023b1d60c89 Mon Sep 17 00:00:00 2001 From: Liong Sauw Ming Date: Thu, 23 Apr 2015 02:42:49 +0000 Subject: Fixed #1845: Add support if OpenSSL library has more than 100 cipher suites git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5076 74dad513-b988-da41-8d7b-12977e46ad98 --- pjlib/src/pj/ssl_sock_ossl.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'pjlib/src/pj/ssl_sock_ossl.c') diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 4915a18c..07e81d1a 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -39,9 +39,6 @@ /* Workaround for ticket #985 */ #define DELAYED_CLOSE_TIMEOUT 200 -/* Maximum ciphers */ -#define MAX_CIPHERS 100 - /* * Include OpenSSL headers */ @@ -296,7 +293,7 @@ static unsigned openssl_cipher_num; static struct openssl_ciphers_t { pj_ssl_cipher id; const char *name; -} openssl_ciphers[MAX_CIPHERS]; +} openssl_ciphers[PJ_SSL_SOCK_MAX_CIPHERS]; /* OpenSSL application data index */ static int sslsock_idx; @@ -345,7 +342,7 @@ static pj_status_t init_openssl(void) pj_assert(meth); ctx=SSL_CTX_new(meth); - SSL_CTX_set_cipher_list(ctx, "ALL"); + SSL_CTX_set_cipher_list(ctx, "ALL:COMPLEMENTOFALL"); ssl = SSL_new(ctx); sk_cipher = SSL_get_ciphers(ssl); @@ -792,7 +789,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) pj_strset(&cipher_list, buf, 0); /* Set SSL with ALL available ciphers */ - SSL_set_cipher_list(ssock->ossl_ssl, "ALL"); + SSL_set_cipher_list(ssock->ossl_ssl, "ALL:COMPLEMENTOFALL"); /* Generate user specified cipher list in OpenSSL format */ sk_cipher = SSL_get_ciphers(ssock->ossl_ssl); -- cgit v1.2.3