diff options
author | Adriaan de Jong | 2011-06-29 18:32:44 +0200 |
---|---|---|
committer | David Sommerseth | 2011-10-21 10:53:31 +0200 |
commit | 2e74a9d02da9ac071438e24de8561ccf9192e94a (patch) | |
tree | 098a78b9342706ab9df2d7c42060573e8fe61f70 /ssl.c | |
parent | 244da317ee9d32a04da80e87502883453f6618cc (diff) | |
download | openvpn-2e74a9d02da9ac071438e24de8561ccf9192e94a.zip openvpn-2e74a9d02da9ac071438e24de8561ccf9192e94a.tar.gz |
Refactored cipher restriction code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl.c')
-rw-r--r-- | ssl.c | 7 |
1 files changed, 1 insertions, 6 deletions
@@ -1609,8 +1609,6 @@ tls_deauthenticate (struct tls_multi *multi) void init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) { - SSL_CTX *ctx = NULL; - ASSERT(NULL != new_ctx); tls_clear_error(); @@ -1673,8 +1671,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) } } - ctx = new_ctx->ctx; - if (options->ca_file || options->ca_path) { tls_ctx_load_ca(new_ctx, options->ca_file, options->ca_file_inline, @@ -1702,8 +1698,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) /* Allowable ciphers */ if (options->cipher_list) { - if (!SSL_CTX_set_cipher_list (ctx, options->cipher_list)) - msg (M_SSLERR, "Problem with cipher list: %s", options->cipher_list); + tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); } tls_clear_error (); |