[TLS] ignore empty "CipherString" in ssl-conf-cmd

e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
2 years ago · d865d8c330
parent fe02111888
commit d865d8c330
5 changed files with 7 additions and 5 deletions
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@ -3010,7 +3010,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
     *
     * XXX: not done: could make a list of ciphers with bitflag of attributes
     *      to make future combining easier */
-    if (cipherstring) {
+    if (!buffer_string_is_empty(cipherstring)) {
        const buffer *b = cipherstring;
        const char *e = b->ptr;

--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@ -3128,7 +3128,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
     *
     * XXX: not done: could make a list of ciphers with bitflag of attributes
     *      to make future combining easier */
-    if (cipherstring) {
+    if (!buffer_string_is_empty(cipherstring)) {
        const buffer *b = cipherstring;
        const char *e = b->ptr;

--- a/src/mod_nss.c
+++ b/src/mod_nss.c
@ -3444,7 +3444,7 @@ mod_nss_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *cip
                  "Ciphersuite support not implemented for %s",
                  ciphersuites->ptr);

-    if (!cipherstring)
+    if (buffer_string_is_empty(cipherstring))
        return 1; /* nothing to do */

    /*
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@ -1882,6 +1882,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
    if (NULL != ds) {
        buffer *cipher_string =
          array_get_buf_ptr(s->ssl_conf_cmd, CONST_STR_LEN("CipherString"));
+        if (buffer_string_is_empty(cipher_string))
+            buffer_append_string_len(cipher_string, CONST_STR_LEN("HIGH"));
        buffer_append_string_len(cipher_string,
                                 CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
    }
@ -3660,7 +3662,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
            rc = -1;
    }

-    if (cipherstring) {
+    if (!buffer_string_is_empty(cipherstring)) {
        /* Disable support for low encryption ciphers */
        buffer_append_string_len(cipherstring,
                                 CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@ -3347,7 +3347,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
        /* WolfSSL max ver is set at WolfSSL compile-time */
    }

-    if (cipherstring) {
+    if (!buffer_string_is_empty(cipherstring)) {
        /* Disable support for low encryption ciphers */
        buffer_append_string_len(cipherstring,
                                 CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));