patch: add tls_set_ciphers()

This commit is contained in:
Alfred E. Heggestad 2016-05-08 13:22:18 +00:00
parent c936a774dc
commit 09d40ac36c
2 changed files with 48 additions and 0 deletions

View file

@ -43,6 +43,7 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
uint8_t *cli_key, size_t cli_key_size,
uint8_t *srv_key, size_t srv_key_size);
const char *tls_cipher_name(const struct tls_conn *tc);
int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count);
/* TCP */

View file

@ -660,3 +660,50 @@ const char *tls_cipher_name(const struct tls_conn *tc)
return SSL_get_cipher_name(tc->ssl);
}
/**
* Set the ciphers to use for this TLS context
*
* @param tls TLS Context
* @param cipherv Vector of cipher names, in order of priority
* @param count Number of cipher names in the vector
*
* @return 0 if success, otherwise errorcode
*/
int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count)
{
struct mbuf *mb;
int r, err;
size_t i;
if (!tls || !cipherv || !count)
return EINVAL;
mb = mbuf_alloc(32 * count);
if (!mb)
return ENOMEM;
for (i=0; i<count; i++) {
err = mbuf_printf(mb, "%s%s", i>0 ? ":" : "", cipherv[i]);
if (err)
goto out;
}
err = mbuf_write_u8(mb, '\0');
if (err)
goto out;
r = SSL_CTX_set_cipher_list(tls->ctx, (char *)mb->buf);
if (r <= 0) {
ERR_clear_error();
err = EPROTO;
goto out;
}
out:
mem_deref(mb);
return err;
}