aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2015-09-04 14:35:36 +0200
committerKamil Dudka <kdudka@redhat.com>2015-09-04 14:35:36 +0200
commit7380433d6a2f4aaec8dfcacfffadc260b417c7a3 (patch)
treebef0fb7cd403fab29067bed00495ec630210c991
parenta60bde79f9adeb135d5c642a07f0d783fbfbbc25 (diff)
nss: do not directly access SSL_ImplementedCiphers[]
It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
-rw-r--r--lib/vtls/nss.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 91727c7c3..c66c60b56 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -211,16 +211,22 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
PRBool found;
char *cipher;
+ /* use accessors to avoid dynamic linking issues after an update of NSS */
+ const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
+ const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
+ if(!implemented_ciphers)
+ return SECFailure;
+
/* First disable all ciphers. This uses a different max value in case
* NSS adds more ciphers later we don't want them available by
* accident
*/
- for(i=0; i<SSL_NumImplementedCiphers; i++) {
- SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
+ for(i = 0; i < num_implemented_ciphers; i++) {
+ SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
}
/* Set every entry in our list to false */
- for(i=0; i<NUM_OF_CIPHERS; i++) {
+ for(i = 0; i < NUM_OF_CIPHERS; i++) {
cipher_state[i] = PR_FALSE;
}