authorAdriaan de Jong2011-06-29 18:32:44 +0200
committerDavid Sommerseth2011-10-21 10:53:31 +0200
commit2e74a9d02da9ac071438e24de8561ccf9192e94a (patch)
tree098a78b9342706ab9df2d7c42060573e8fe61f70 /ssl.c
parent244da317ee9d32a04da80e87502883453f6618cc (diff)
Refactored cipher restriction code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl.c')
-rw-r--r--ssl.c7
1 files changed, 1 insertions, 6 deletions
diff --git a/ssl.c b/ssl.c
index 99eca84..8ef75ab 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1609,8 +1609,6 @@ tls_deauthenticate (struct tls_multi *multi)
void
init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
{
- SSL_CTX *ctx = NULL;
-
ASSERT(NULL != new_ctx);
tls_clear_error();
@@ -1673,8 +1671,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
}
}
- ctx = new_ctx->ctx;
-
if (options->ca_file || options->ca_path)
{
tls_ctx_load_ca(new_ctx, options->ca_file, options->ca_file_inline,
@@ -1702,8 +1698,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
/* Allowable ciphers */
if (options->cipher_list)
{
- if (!SSL_CTX_set_cipher_list (ctx, options->cipher_list))
- msg (M_SSLERR, "Problem with cipher list: %s", options->cipher_list);
+ tls_ctx_restrict_ciphers(new_ctx, options->cipher_list);
}
tls_clear_error ();
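Review bot: The new call to `tls_ctx_restrict_ciphers` in the `options->cipher_list` branch no longer shows what happens when the configured cipher list is rejected. The removed lines raised `msg (M_SSLERR, "Problem with cipher list: %s", ...)` on failure, and the helper's definition is not part of this diff (the diffstat is limited to ssl.c). If the helper returned without reporting an error, the context would presumably keep the TLS library's default cipher list, so the restriction would silently not apply. Please confirm the helper raises the error itself, and say so at the call site, for example `/* tls_ctx_restrict_ciphers() reports M_SSLERR itself if the list is rejected */`. The body of init_ssl starts and ends outside this hunk.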