patch: add tls_set_ciphers()

2016-05-08 13:22:18 +00:00 · 2016-05-08 13:22:18 +00:00 · 09d40ac36c
commit 09d40ac36c
parent c936a774dc
2 changed files with 48 additions and 0 deletions
--- a/include/re_tls.h
+++ b/include/re_tls.h
@ -43,6 +43,7 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
 		     uint8_t *cli_key, size_t cli_key_size,
 		     uint8_t *srv_key, size_t srv_key_size);
 const char *tls_cipher_name(const struct tls_conn *tc);
+int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count);


 /* TCP */
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@ -660,3 +660,50 @@ const char *tls_cipher_name(const struct tls_conn *tc)

 	return SSL_get_cipher_name(tc->ssl);
 }
+
+
+/**
+ * Set the ciphers to use for this TLS context
+ *
+ * @param tls      TLS Context
+ * @param cipherv  Vector of cipher names, in order of priority
+ * @param count    Number of cipher names in the vector
+ *
+ * @return 0 if success, otherwise errorcode
+ */
+int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count)
+{
+	struct mbuf *mb;
+	int r, err;
+	size_t i;
+
+	if (!tls || !cipherv || !count)
+		return EINVAL;
+
+	mb = mbuf_alloc(32 * count);
+	if (!mb)
+		return ENOMEM;
+
+	for (i=0; i<count; i++) {
+
+		err = mbuf_printf(mb, "%s%s", i>0 ? ":" : "", cipherv[i]);
+		if (err)
+			goto out;
+	}
+
+	err = mbuf_write_u8(mb, '\0');
+	if (err)
+		goto out;
+
+	r = SSL_CTX_set_cipher_list(tls->ctx, (char *)mb->buf);
+	if (r <= 0) {
+		ERR_clear_error();
+		err = EPROTO;
+		goto out;
+	}
+
+ out:
+	mem_deref(mb);
+
+	return err;
+}