[TLS] ignore empty "CipherString" in ssl-conf-cmd

e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
Glenn Strauss 2020-10-13 17:41:55 -04:00
parent fe02111888
commit d865d8c330
5 changed files with 7 additions and 5 deletions


@ -3010,7 +3010,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;
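Review bot: The new `if (!buffer_string_is_empty(cipherstring)) {` guard makes an explicitly empty "CipherString" behave exactly like an unset one, and nothing in the hunk records that choice, so an operator who writes `"CipherString" => ""` gets no hint that the setting was dropped. Which cipher priorities apply in that case is decided outside the hunk (the guarded block and the rest of mod_gnutls_ssl_conf_ciphersuites continue past it), so it is worth confirming that the fallback is the intended hardened default rather than the library's full list. I would add a comment above the guard such as `/* empty "CipherString" is treated as unset; defaults apply */`, or trace a warning at config load. The same silent skip appears in the mbedtls and NSS sections, the second openssl hunk and the wolfssl section.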


@ -3128,7 +3128,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;


@ -3444,7 +3444,7 @@ mod_nss_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *cip
"Ciphersuite support not implemented for %s",
ciphersuites->ptr);
if (!cipherstring)
if (buffer_string_is_empty(cipherstring))
return 1; /* nothing to do */
/*


@ -1882,6 +1882,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
if (NULL != ds) {
buffer *cipher_string =
array_get_buf_ptr(s->ssl_conf_cmd, CONST_STR_LEN("CipherString"));
if (buffer_string_is_empty(cipher_string))
buffer_append_string_len(cipher_string, CONST_STR_LEN("HIGH"));
buffer_append_string_len(cipher_string,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
}
@ -3660,7 +3662,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
rc = -1;
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
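Review bot: In network_openssl_ssl_conf_cmd the empty case is not ignored as the commit title says but rewritten to `HIGH` before `:!aNULL:!eNULL:!EXP` is appended, whereas mod_openssl_ssl_conf_cmd in the next hunk skips the exclusions when the string is empty. Both bodies run past their hunks, so the two paths may be reconciled elsewhere, but as shown the same config value can resolve to two different cipher policies in one file. A comment on the first hunk would make the intent reviewable, for example `/* empty CipherString: default to HIGH so the exclusions below have a base list */`, and the skip in the second hunk should state which list is in force when the exclusions are not applied.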


@ -3347,7 +3347,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
/* WolfSSL max ver is set at WolfSSL compile-time */
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));