diff options
author | Kamil Dudka <kdudka@redhat.com> | 2014-01-29 12:55:36 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2014-01-29 13:46:17 +0100 |
commit | e15e73b741a2ddc88d166d2cec86d2bebb5d349e (patch) | |
tree | 934c0a641d90778d85ce3d070e8e0518064652cb /lib/vtls | |
parent | 53940f883450d1976105677adda41696e5094602 (diff) |
nss: do not fail if NSS does not implement a cipher
... that the user does not ask for
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/nss.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index cd4bf1b82..8e6627b31 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -191,14 +191,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, PRBool cipher_state[NUM_OF_CIPHERS]; PRBool found; char *cipher; - SECStatus rv; /* First disable all ciphers. This uses a different max value in case * NSS adds more ciphers later we don't want them available by * accident */ for(i=0; i<SSL_NumImplementedCiphers; i++) { - SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED); + SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE); } /* Set every entry in our list to false */ @@ -238,8 +237,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, /* Finally actually enable the selected ciphers */ for(i=0; i<NUM_OF_CIPHERS; i++) { - rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]); - if(rv != SECSuccess) { + if(!cipher_state[i]) + continue; + + if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) { failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name); return SECFailure; } |