nss: do not fail if NSS does not implement a cipher

... that the user does not ask for
author: Kamil Dudka <kdudka@redhat.com> 2014-01-29 12:55:36 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2014-01-29 13:46:17 +0100
commit: e15e73b741a2ddc88d166d2cec86d2bebb5d349e (patch)
tree: 934c0a641d90778d85ce3d070e8e0518064652cb /lib/vtls/nss.c
parent: 53940f883450d1976105677adda41696e5094602 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index cd4bf1b82..8e6627b31 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -191,14 +191,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
   PRBool cipher_state[NUM_OF_CIPHERS];
   PRBool found;
   char *cipher;
-  SECStatus rv;
 
   /* First disable all ciphers. This uses a different max value in case
    * NSS adds more ciphers later we don't want them available by
    * accident
    */
   for(i=0; i<SSL_NumImplementedCiphers; i++) {
-    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
+    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
   }
 
   /* Set every entry in our list to false */
@@ -238,8 +237,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
 
   /* Finally actually enable the selected ciphers */
   for(i=0; i<NUM_OF_CIPHERS; i++) {
-    rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
-    if(rv != SECSuccess) {
+    if(!cipher_state[i])
+      continue;
+
+    if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
       failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
       return SECFailure;
     }
author	Kamil Dudka <kdudka@redhat.com>	2014-01-29 12:55:36 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2014-01-29 13:46:17 +0100
commit	e15e73b741a2ddc88d166d2cec86d2bebb5d349e (patch)
tree	934c0a641d90778d85ce3d070e8e0518064652cb /lib/vtls/nss.c
parent	53940f883450d1976105677adda41696e5094602 (diff)