[glib-networking/wip/nacho/openssl-fix: 7/9] openssl: use PROFILE=SYSTEM as default cipher list
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/nacho/openssl-fix: 7/9] openssl: use PROFILE=SYSTEM as default cipher list
- Date: Sun, 3 Feb 2019 16:17:58 +0000 (UTC)
commit 4fcf61d74dfcd56977cf817a39f26099057a894e
Author: Ignacio Casal Quinteiro <icq gnome org>
Date: Tue Sep 18 18:22:42 2018 +0200
openssl: use PROFILE=SYSTEM as default cipher list
This is the requirement on fedora so let's just use it
if we have a newly enough openssl
tls/openssl/gtlsclientconnection-openssl.c | 6 +++++-
tls/openssl/gtlsserverconnection-openssl.c | 8 ++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index d7e46e0..4f129ba 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -35,7 +35,11 @@
#include "gtlscertificate-openssl.h"
#include <glib/gi18n-lib.h>
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+# define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+# define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
typedef struct _GTlsClientConnectionOpensslPrivate
{
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index 6a99574..2a3d66b 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -30,6 +30,12 @@
#include "openssl-include.h"
#include <glib/gi18n-lib.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+# define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+# define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
+
typedef struct _GTlsServerConnectionOpensslPrivate
{
GTlsAuthenticationMode authentication_mode;
@@ -44,8 +50,6 @@ enum
PROP_AUTHENTICATION_MODE
};
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
-
static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface *iface);
static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface
*iface);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]