nss: do not directly access SSL_ImplementedCiphers[]

It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
author: Kamil Dudka <kdudka@redhat.com> 2015-09-04 14:35:36 +0200
committer: Kamil Dudka <kdudka@redhat.com> 2015-09-04 14:35:36 +0200
commit: 7380433d6a2f4aaec8dfcacfffadc260b417c7a3 (patch)
tree: bef0fb7cd403fab29067bed00495ec630210c991 /lib/vtls/nss.c
parent: a60bde79f9adeb135d5c642a07f0d783fbfbbc25 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 91727c7c3..c66c60b56 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -211,16 +211,22 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
   PRBool found;
   char *cipher;
 
+  /* use accessors to avoid dynamic linking issues after an update of NSS */
+  const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
+  const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
+  if(!implemented_ciphers)
+    return SECFailure;
+
   /* First disable all ciphers. This uses a different max value in case
    * NSS adds more ciphers later we don't want them available by
    * accident
    */
-  for(i=0; i<SSL_NumImplementedCiphers; i++) {
-    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
+  for(i = 0; i < num_implemented_ciphers; i++) {
+    SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
   }
 
   /* Set every entry in our list to false */
-  for(i=0; i<NUM_OF_CIPHERS; i++) {
+  for(i = 0; i < NUM_OF_CIPHERS; i++) {
     cipher_state[i] = PR_FALSE;
   }
author	Kamil Dudka <kdudka@redhat.com>	2015-09-04 14:35:36 +0200
committer	Kamil Dudka <kdudka@redhat.com>	2015-09-04 14:35:36 +0200
commit	7380433d6a2f4aaec8dfcacfffadc260b417c7a3 (patch)
tree	bef0fb7cd403fab29067bed00495ec630210c991 /lib/vtls/nss.c
parent	a60bde79f9adeb135d5c642a07f0d783fbfbbc25 (diff)