Implemented lm_ssl_set_cipher_list
This lets the application choose the cipher suites used by OpenSSL or GnuTLS.
--- a/loudmouth/lm-ssl-base.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-base.c Fri Oct 25 00:02:50 2013 +0200
@@ -33,6 +33,7 @@
base->func_data = user_data;
base->data_notify = notify;
base->fingerprint[0] = '\0';
+ base->cipher_list = NULL;
if (expected_fingerprint) {
base->expected_fingerprint = g_memdup (expected_fingerprint, 16);
@@ -49,8 +50,18 @@
}
void
+_lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list)
+{
+ if (base->cipher_list)
+ g_free (base->cipher_list);
+ base->cipher_list = g_strdup (cipher_list);
+}
+
+void
_lm_ssl_base_free_fields (LmSSLBase *base)
{
g_free (base->expected_fingerprint);
+ g_free (base->cipher_list);
}
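Review bot: `_lm_ssl_base_set_cipher_list` frees the old string before duplicating the new one, so a caller that hands back the current value (`base->cipher_list` itself, or a pointer into it) makes the `g_strdup` line read freed memory. Duplicate first, then free: `gchar *copy = g_strdup (cipher_list);` / `g_free (base->cipher_list);` / `base->cipher_list = copy;`. That also removes the `if (base->cipher_list)` guard, which is redundant because `g_free (NULL)` is a no-op — `_lm_ssl_base_free_fields` just below already relies on that. Since `g_strdup (NULL)` yields NULL, passing NULL resets the list to the backend default; that is worth saying in a comment on the declaration.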
--- a/loudmouth/lm-ssl-base.h Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-base.h Fri Oct 25 00:02:50 2013 +0200
@@ -30,6 +30,7 @@
LmSSLFunction func;
gpointer func_data;
GDestroyNotify data_notify;
+ gchar *cipher_list;
gchar *expected_fingerprint;
char fingerprint[20];
gboolean use_starttls;
@@ -44,6 +45,9 @@
gpointer user_data,
GDestroyNotify notify);
+void _lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list);
+
void _lm_ssl_base_free_fields (LmSSLBase *base);
#endif /* __LM_SSL_BASE_H__ */
--- a/loudmouth/lm-ssl-generic.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-generic.c Fri Oct 25 00:02:50 2013 +0200
@@ -92,7 +92,6 @@
#endif /* HAVE_SSL */
-
/**
* lm_ssl_new:
* @expected_fingerprint: The expected fingerprint. @ssl_function will be called if there is a mismatch. %NULL if you are not interested in this check.
@@ -169,6 +168,13 @@
return ssl;
}
+void
+lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list)
+{
+ _lm_ssl_base_set_cipher_list(LM_SSL_BASE(ssl), cipher_list);
+}
+
/**
* lm_ssl_use_starttls:
* @ssl: an #LmSSL
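Review bot: `lm_ssl_set_cipher_list` is new public API (it is added to loudmouth.sym) but, unlike the neighbouring `lm_ssl_new` and `lm_ssl_use_starttls`, carries no gtk-doc block. Add one stating that the string is copied and passed through verbatim to the backend, so its syntax is backend-specific — a GnuTLS priority string (`gnutls_priority_set_direct`) or an OpenSSL cipher-list string (`SSL_CTX_set_cipher_list`) — that NULL restores the backend default, and that it takes effect only for handshakes started after the call, since `_lm_ssl_begin` is what reads it. Whether a `g_return_if_fail (ssl != NULL)` guard belongs here depends on the convention used elsewhere in this file, which is not visible in the hunk.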
--- a/loudmouth/lm-ssl-gnutls.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-gnutls.c Fri Oct 25 00:02:50 2013 +0200
@@ -195,10 +195,16 @@
_lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
{
int ret;
+ LmSSLBase *base;
gboolean auth_ok = TRUE;
+ base = LM_SSL_BASE(ssl);
gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
- gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL)
+ if (base->cipher_list) {
+ gnutls_priority_set_direct (ssl->gnutls_session, base->cipher_list, NULL);
+ } else {
+ gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL);
+ }
gnutls_credentials_set (ssl->gnutls_session,
GNUTLS_CRD_CERTIFICATE,
ssl->gnutls_xcred);
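Review bot: Both `gnutls_priority_set_direct` calls discard their return value, so an application-supplied priority string that GnuTLS rejects is silently ignored and the session continues with no priorities set; the problem only surfaces later as an unrelated handshake error. Check the result (the `ret` local declared above is unused at this point) and fail with `error` set, mirroring how the OpenSSL backend reports a missing context; how the freshly initialised session is released on that path should follow whatever the later handshake-failure path in this function does — `_lm_ssl_begin` continues past the hunk. Folding the two branches into a single call also removes the duplicated line.

```c
    base = LM_SSL_BASE(ssl);
    gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
    ret = gnutls_priority_set_direct (ssl->gnutls_session,
                                      base->cipher_list ? base->cipher_list : "NORMAL",
                                      NULL);
    if (ret != GNUTLS_E_SUCCESS) {
        g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "gnutls_priority_set_direct: %s", gnutls_strerror (ret));
        /* TODO: release ssl->gnutls_session the same way the later failure path does */
        return FALSE;
    }
    /* … unchanged: gnutls_credentials_set and the rest of the handshake … */
```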
@@ -229,6 +235,10 @@
return FALSE;
}
+ lm_verbose ("GNUTLS negotiated cipher suite: %s",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(ssl->gnutls_session),
+ gnutls_cipher_get(ssl->gnutls_session),
+ gnutls_mac_get(ssl->gnutls_session)));
lm_verbose ("GNUTLS negotiated compression: %s",
gnutls_compression_get_name (gnutls_compression_get
(ssl->gnutls_session)));
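Review bot: `gnutls_cipher_suite_get_name` returns NULL when the kx/cipher/mac triple does not correspond to a known suite, and that NULL goes straight into the `%s` of the new `lm_verbose` call, which is undefined behaviour in the underlying printf. Keep the result in a local and substitute a fixed string: `const char *suite = gnutls_cipher_suite_get_name (gnutls_kx_get (ssl->gnutls_session), gnutls_cipher_get (ssl->gnutls_session), gnutls_mac_get (ssl->gnutls_session));` then `lm_verbose ("GNUTLS negotiated cipher suite: %s", suite ? suite : "(unknown)");`.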
--- a/loudmouth/lm-ssl-openssl.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-openssl.c Fri Oct 25 00:02:50 2013 +0200
@@ -332,7 +332,9 @@
{
gint ssl_ret;
GIOStatus status;
+ LmSSLBase *base;
+ base = LM_SSL_BASE(ssl);
if (!ssl->ssl_ctx) {
g_set_error (error,
LM_ERROR, LM_ERROR_CONNECTION_OPEN,
@@ -340,6 +342,9 @@
return FALSE;
}
+ if (base->cipher_list) {
+ SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list);
+ }
ssl->ssl = SSL_new(ssl->ssl_ctx);
if (ssl->ssl == NULL) {
g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "SSL_new() == NULL");
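Review bot: The result of `SSL_CTX_set_cipher_list` is ignored; it returns 0 when none of the requested ciphers can be selected, and in that case OpenSSL keeps the context's previous list, so the handshake proceeds with suites the application explicitly excluded. That silently defeats the purpose of the new API, so a 0 return should be a fatal configuration error: return FALSE with `error` set, following the `g_set_error` pattern used a few lines above for a missing `ssl_ctx`. The enclosing function starts just above the hunk and continues past it; any cleanup its existing failure paths perform should be mirrored on the new one.

```c
    if (base->cipher_list &&
        SSL_CTX_set_cipher_list (ssl->ssl_ctx, base->cipher_list) != 1) {
        g_set_error (error,
                     LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "SSL_CTX_set_cipher_list() rejected the configured cipher list");
        return FALSE;
    }
    /* … unchanged: SSL_new and the rest of the function … */
```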
--- a/loudmouth/lm-ssl.h Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl.h Fri Oct 25 00:02:50 2013 +0200
@@ -123,6 +123,9 @@
gboolean lm_ssl_is_supported (void);
+void lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list);
+
const gchar * lm_ssl_get_fingerprint (LmSSL *ssl);
void lm_ssl_use_starttls (LmSSL *ssl,
--- a/loudmouth/loudmouth.sym Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/loudmouth.sym Fri Oct 25 00:02:50 2013 +0200
@@ -90,6 +90,7 @@
lm_ssl_new
lm_ssl_ref
lm_ssl_unref
+lm_ssl_set_cipher_list
lm_ssl_use_starttls
lm_utils_get_localtime
lm_sha_hash