diff options
author | Kamil Dudka <kdudka@redhat.com> | 2015-09-04 14:35:36 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2015-09-04 14:35:36 +0200 |
commit | 7380433d6a2f4aaec8dfcacfffadc260b417c7a3 (patch) | |
tree | bef0fb7cd403fab29067bed00495ec630210c991 /lib | |
parent | a60bde79f9adeb135d5c642a07f0d783fbfbbc25 (diff) |
nss: do not directly access SSL_ImplementedCiphers[]
It causes dynamic linking issues at run-time after an update of NSS.
Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/nss.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 91727c7c3..c66c60b56 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -211,16 +211,22 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, PRBool found; char *cipher; + /* use accessors to avoid dynamic linking issues after an update of NSS */ + const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers(); + const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers(); + if(!implemented_ciphers) + return SECFailure; + /* First disable all ciphers. This uses a different max value in case * NSS adds more ciphers later we don't want them available by * accident */ - for(i=0; i<SSL_NumImplementedCiphers; i++) { - SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE); + for(i = 0; i < num_implemented_ciphers; i++) { + SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE); } /* Set every entry in our list to false */ - for(i=0; i<NUM_OF_CIPHERS; i++) { + for(i = 0; i < NUM_OF_CIPHERS; i++) { cipher_state[i] = PR_FALSE; } |