[glib-networking/wip/nacho/openssl] openssl: use PROFILE=SYSTEM as default cipher list



commit 9ed5742753405b987e114f2df2c050475302241a
Author: Ignacio Casal Quinteiro <icq gnome org>
Date:   Tue Sep 18 18:22:42 2018 +0200

    openssl: use PROFILE=SYSTEM as default cipher list
    
    This is the requirement on fedora so let's just use it
    if we have a newly enough openssl

 tls/openssl/gtlsclientconnection-openssl.c | 6 +++++-
 tls/openssl/gtlsserverconnection-openssl.c | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index b1560c1..61fd2be 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -35,7 +35,11 @@
 #include "gtlscertificate-openssl.h"
 #include <glib/gi18n-lib.h>
 
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#  define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+#  define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
 
 typedef struct _GTlsClientConnectionOpensslPrivate
 {
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index 6a99574..2a3d66b 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -30,6 +30,12 @@
 #include "openssl-include.h"
 #include <glib/gi18n-lib.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#  define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+#  define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
+
 typedef struct _GTlsServerConnectionOpensslPrivate
 {
   GTlsAuthenticationMode authentication_mode;
@@ -44,8 +50,6 @@ enum
   PROP_AUTHENTICATION_MODE
 };
 
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
-
 static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface 
*iface);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]