projects
/
umurmur.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Avoid use of uninitialized pointer in OpenSSL's SSLi_init().
[umurmur.git]
/
src
/
ssli_openssl.c
diff --git
a/src/ssli_openssl.c
b/src/ssli_openssl.c
index 2dd55ef8839bfe334c717c896305416543b4608f..4cc1db949cd24ab4ca28638c5e99ff486f8ef2c5 100644
(file)
--- a/
src/ssli_openssl.c
+++ b/
src/ssli_openssl.c
@@
-49,7
+49,7
@@
static RSA *rsa;
static SSL_CTX *context;
static EVP_PKEY *pkey;
static SSL_CTX *context;
static EVP_PKEY *pkey;
-static char const * ciphers = "EECDH+
AESGCM:AES256-SHA:AES128-SHA
";
+static char const * ciphers = "EECDH+
CHACHA20:EECDH+AESGCM:EECDH+AES+TLSv1.2:EECDH+AES:AESGCM:AES:!aNULL:!DHE:!kECDH
";
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
@@
-215,14
+215,17
@@
void SSLi_init(void)
int i, offset = 0, cipherstringlen = 0;
STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL;
SSL_CIPHER *cipher;
int i, offset = 0, cipherstringlen = 0;
STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL;
SSL_CIPHER *cipher;
- char *cipherstring;
+ char *cipherstring
= NULL
;
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
- context = SSL_CTX_new(TLSv1_2_server_method());
+ context = SSL_CTX_new(SSLv23_server_method());
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
+ SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
if (context == NULL)
{
ERR_print_errors_fp(stderr);
if (context == NULL)
{
ERR_print_errors_fp(stderr);
@@
-268,7
+271,7
@@
void SSLi_init(void)
if (cipherlist_new)
sk_SSL_CIPHER_free(cipherlist_new);
if (cipherlist_new)
sk_SSL_CIPHER_free(cipherlist_new);
- if (
strlen(cipherstring) == 0
)
+ if (
!cipherstring || !*cipherstring
)
Log_fatal("No suitable ciphers found!");
if (SSL_CTX_set_cipher_list(context, cipherstring) == 0)
Log_fatal("No suitable ciphers found!");
if (SSL_CTX_set_cipher_list(context, cipherstring) == 0)
@@
-408,7
+411,7
@@
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
* it for something special
*/
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
* it for something special
*/
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
- X509_NAME_oneline(X509_get_issuer_name(
ctx->current
_cert), buf, 256);
+ X509_NAME_oneline(X509_get_issuer_name(
err
_cert), buf, 256);
Log_warn("issuer= %s", buf);
}
return 1;
Log_warn("issuer= %s", buf);
}
return 1;