aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2014-01-29 12:55:36 +0100
committerKamil Dudka <kdudka@redhat.com>2014-01-29 13:46:17 +0100
commite15e73b741a2ddc88d166d2cec86d2bebb5d349e (patch)
tree934c0a641d90778d85ce3d070e8e0518064652cb /lib/vtls
parent53940f883450d1976105677adda41696e5094602 (diff)
nss: do not fail if NSS does not implement a cipher
... that the user does not ask for
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/nss.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index cd4bf1b82..8e6627b31 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -191,14 +191,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
PRBool cipher_state[NUM_OF_CIPHERS];
PRBool found;
char *cipher;
- SECStatus rv;
/* First disable all ciphers. This uses a different max value in case
* NSS adds more ciphers later we don't want them available by
* accident
*/
for(i=0; i<SSL_NumImplementedCiphers; i++) {
- SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
+ SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
}
/* Set every entry in our list to false */
@@ -238,8 +237,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
/* Finally actually enable the selected ciphers */
for(i=0; i<NUM_OF_CIPHERS; i++) {
- rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
- if(rv != SECSuccess) {
+ if(!cipher_state[i])
+ continue;
+
+ if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
return SECFailure;
}