author | robot-contrib <robot-contrib@yandex-team.com> | 2024-02-13 07:58:30 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2024-02-13 08:10:43 +0300 |
commit | 8ee6bfd26b9e90e07e530906f5a5d4b198db6ead (patch) | |
tree | 23a6f725f21b389d874b2a0fb66342e06f6b60a5 /contrib/libs/openldap/libraries/libldap/tls_o.c | |
parent | 9bb0e697690361fd000af1b1939ca4a688c812e0 (diff) | |
download | ydb-8ee6bfd26b9e90e07e530906f5a5d4b198db6ead.tar.gz |
Update contrib/libs/openldap to 2.6.7
Diffstat (limited to 'contrib/libs/openldap/libraries/libldap/tls_o.c')
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/tls_o.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/contrib/libs/openldap/libraries/libldap/tls_o.c b/contrib/libs/openldap/libraries/libldap/tls_o.c
index 8f1d84efa1..6847ef33b4 100644
--- a/contrib/libs/openldap/libraries/libldap/tls_o.c
+++ b/contrib/libs/openldap/libraries/libldap/tls_o.c
@@ -296,7 +296,7 @@ tlso_stecpy( char *dst, const char *src, const char *end )
 * Try to find any TLS1.3 ciphers in the given list of suites.
 */
 static void
-tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
+tlso_ctx_cipher13( tlso_ctx *ctx, char *suites, char **oldsuites )
 {
 char tls13_suites[1024], *ts = tls13_suites, *te = tls13_suites + sizeof(tls13_suites);
 char *ptr, *colon, *nptr;
@@ -305,6 +305,8 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
 SSL *s = SSL_new( ctx );
 int ret;
+ *oldsuites = NULL;
+
 if ( !s )
 return;
@@ -336,8 +338,15 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
 if ( tls13_suites[0] )
 ts = tlso_stecpy( ts, ":", te );
 ts = tlso_stecpy( ts, nptr, te );
+ } else if (! *oldsuites) {
+ /* should never happen, set_ciphersuites should
+ * only succeed for TLSv1.3 and above
+ */
+ *oldsuites = ptr;
 }
 }
+ } else if (! *oldsuites) {
+ *oldsuites = ptr;
 }
 if ( !colon || ts >= te )
 break;
@@ -417,10 +426,11 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server, char *
 }
 if ( lo->ldo_tls_ciphersuite ) {
+ char *oldsuites = lt->lt_ciphersuite;
 #if OPENSSL_VERSION_NUMBER >= 0x10101000
- tlso_ctx_cipher13( ctx, lt->lt_ciphersuite );
+ tlso_ctx_cipher13( ctx, lt->lt_ciphersuite, &oldsuites );
 #endif
- if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
+ if ( oldsuites && !SSL_CTX_set_cipher_list( ctx, oldsuites ) )
 {
 Debug1( LDAP_DEBUG_ANY,
 "TLS: could not set cipher list %s.\n",
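Review bot: On the `if ( !s ) return;` path in tlso_ctx_cipher13 the added `*oldsuites = NULL;` has already run, so the new `oldsuites && !SSL_CTX_set_cipher_list( ctx, oldsuites )` guard in tlso_ctx_init skips the call and the configured cipher list for TLS 1.2 and below is silently not applied, whereas the old code always called SSL_CTX_set_cipher_list. SSL_new() failing is presumably rare (resource exhaustion), but the result is fail-open rather than an error. Placing the reset after the check, `if ( !s ) return;` then `*oldsuites = NULL;`, would leave the caller's initial `lt->lt_ciphersuite` value in place on that path. A short comment at the guard saying that a NULL `oldsuites` means "only TLS 1.3 suites were configured, OpenSSL's default list stays in effect for older protocol versions" would also help. Both function bodies continue outside the hunks, and because this file is a vendored copy the change would belong upstream.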
@@ -553,7 +563,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server, char *
 if ( is_server && lo->ldo_tls_dhfile ) {
 #if OPENSSL_VERSION_MAJOR >= 3
 EVP_PKEY *dh;
-#define bio_params( bio, dh ) dh = PEM_read_bio_Parameters( bio, &dh )
+#define bio_params( bio, dh ) dh = PEM_read_bio_Parameters( bio, NULL )
 #else
 DH *dh;
 #define bio_params( bio, dh ) dh = PEM_read_bio_DHparams( bio, NULL, NULL, NULL ) |