worker: always honour the DTLS ciphersuite that matches the TLS ciphersuite

That is, do not consider the ciphersuite priorities at all, but rather
prefer the DTLS ciphersuite that matches the TLS one (if any).
Nikos Mavrogiannopoulos
2016-06-18 16:09:07 +02:00
parent 3d4fb9b3e6
commit bcef7c58cf


@@ -293,12 +293,14 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
i < sizeof(ciphersuites) / sizeof(ciphersuites[0]);
i++) {
if (strcmp(token, ciphersuites[i].oc_name) == 0) {
if (ciphersuites[i].txt_version != NULL && gnutls_check_version(ciphersuites[i].txt_version) == NULL)
if (ciphersuites[i].txt_version != NULL && gnutls_check_version(ciphersuites[i].txt_version) == NULL) {
continue; /* not supported */
}
if (cand == NULL ||
cand->server_prio <
ciphersuites[i].server_prio) {
cand->server_prio < ciphersuites[i].server_prio ||
(want_cipher != -1 && want_cipher == ciphersuites[i].gnutls_cipher &&
want_mac == ciphersuites[i].gnutls_mac)) {
cand =
&ciphersuites[i];
@@ -307,13 +309,14 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
if (want_cipher != -1) {
if (want_cipher == cand->gnutls_cipher &&
want_mac == cand->gnutls_mac)
break;
goto ciphersuite_finish;
}
}
}
}
str = NULL;
}
ciphersuite_finish:
req->selected_ciphersuite = cand;
break;
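Review bot: The TLS-match test is now written twice in the selection loop of header_value_check, once in the widened `if (cand == NULL || ...)` condition and again in the inner check that guards `goto ciphersuite_finish`, so a later edit to one copy can quietly change which DTLS suite is selected. Computing it once per entry, e.g. `int tls_match = (want_cipher != -1 && want_cipher == ciphersuites[i].gnutls_cipher && want_mac == ciphersuites[i].gnutls_mac);`, then using `if (cand == NULL || tls_match || cand->server_prio < ciphersuites[i].server_prio)` and `if (tls_match) goto ciphersuite_finish;`, keeps the two in step without changing behaviour. A short comment on the condition, such as `/* a suite matching the TLS session's cipher and MAC overrides server_prio */`, would record that bypassing the server priority is deliberate. The function and the enclosing token loop start and end outside the hunks shown, so whether anything between the loop and the `ciphersuite_finish` label needs to run on the early exit cannot be confirmed from here.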