From 09d40ac36c03578f345b7a129acf4f367af41d7f Mon Sep 17 00:00:00 2001 From: "Alfred E. Heggestad" Date: Sun, 8 May 2016 13:22:18 +0000 Subject: [PATCH] patch: add tls_set_ciphers() --- include/re_tls.h | 1 + src/tls/openssl/tls.c | 47 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/include/re_tls.h b/include/re_tls.h index 8a9ec1c..5d03ba0 100644 --- a/include/re_tls.h +++ b/include/re_tls.h @@ -43,6 +43,7 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite, uint8_t *cli_key, size_t cli_key_size, uint8_t *srv_key, size_t srv_key_size); const char *tls_cipher_name(const struct tls_conn *tc); +int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count); /* TCP */ diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c index e0f30d6..a199b58 100644 --- a/src/tls/openssl/tls.c +++ b/src/tls/openssl/tls.c @@ -660,3 +660,50 @@ const char *tls_cipher_name(const struct tls_conn *tc) return SSL_get_cipher_name(tc->ssl); } + + +/** + * Set the ciphers to use for this TLS context + * + * @param tls TLS Context + * @param cipherv Vector of cipher names, in order of priority + * @param count Number of cipher names in the vector + * + * @return 0 if success, otherwise errorcode + */ +int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count) +{ + struct mbuf *mb; + int r, err; + size_t i; + + if (!tls || !cipherv || !count) + return EINVAL; + + mb = mbuf_alloc(32 * count); + if (!mb) + return ENOMEM; + + for (i=0; i0 ? ":" : "", cipherv[i]); + if (err) + goto out; + } + + err = mbuf_write_u8(mb, '\0'); + if (err) + goto out; + + r = SSL_CTX_set_cipher_list(tls->ctx, (char *)mb->buf); + if (r <= 0) { + ERR_clear_error(); + err = EPROTO; + goto out; + } + + out: + mem_deref(mb); + + return err; +}
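Review bot: In `tls_set_ciphers()` each `cipherv[i]` is appended to the buffer as-is (the loop is partly garbled on this page, but the entries appear to be joined with ":") and the result goes straight to `SSL_CTX_set_cipher_list()`, so an entry is parsed as OpenSSL cipher-list syntax rather than as one cipher name. A keyword such as `ALL`, or an entry containing `:`, `!` or `@`, therefore changes the whole selection, which matters when the vector is filled from configuration. `SSL_CTX_set_cipher_list()` also reports success when only some of the names match, so a misspelled strong suite is dropped silently and the function still returns 0. I would say so in the doc comment, e.g. `@param cipherv Vector of OpenSSL cipher strings; list syntax is honoured and unknown names are ignored`, and return `EINVAL` for an entry that is NULL, empty or contains `:` before it is appended. Separately, the `r <= 0` branch calls `ERR_clear_error()` before the OpenSSL reason is logged, so callers only ever see `EPROTO`, and with OpenSSL 1.1.1 or later this list does not govern TLS 1.3 suites, which are set through `SSL_CTX_set_ciphersuites()`.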