[ngIRCd-ML] Support fir OpenSSL CipherList

Florian Westphal fw at strlen.de
Thu Sep 5 15:28:33 CEST 2013


Bastian <bastian-ngircd at t6l.de> wrote:
> diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
> index 10f2189..ae1b213 100644
> --- a/doc/sample-ngircd.conf.tmpl
> +++ b/doc/sample-ngircd.conf.tmpl
> @@ -260,12 +260,6 @@
>  	# Additional Listen Ports that expect SSL/TLS encrypted connections
>  	;Ports = 6697, 9999
>  
> -  # OpenSSL: Select cipher suites used for ssl/tls connections
> -  #          more info at 'man 1ssl ciphers'
> -  #          Example below disallows besides LowStrength, the  Medium Strength Cipher Suites, SSLv2
> -  #          RC-4, which tend to be broken
> -  ;CipherList = !aNULL:!eNULL:!LOW:!SSLv2:!EXPORT:!EXPORT56:!RC4:!MEDIUM:HIGH:@STRENGTH
> -

This patch seems to be inverted...

> -	if (strcasecmp(Var, "CipherList") == 0) {
> -		assert(array_bytes(&Conf_SSLOptions.CipherList) == 0);
> -		if (!array_copys(&Conf_SSLOptions.CipherList, Arg))
> -			Config_Error(LOG_ERR,

This won't work, and the compiler should scream at this.
Either CipherList needs to be array type, or this should be
something like

if (Conf_SSLOptions.CipherList == NULL)
    Conf_SSLOptions.CipherList = strdup(Arg);

[ since the cipher list isn't altered i'd recommend to go with strdup ]


More information about the ngIRCd-ML mailing list