# HG changeset patch
# User Frank Zschockelt
# Date 1382652170 -7200
# Node ID a51209f570b6f88377abd504355ecab6293b1b06
# Parent 96edb03ec74ec030db87e2c6fdec3a0fba0625be
Implemented lm_ssl_set_cipher_list This enables the application to choose the cipher suites which are used by openssl or gnutls
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl-base.c
--- a/loudmouth/lm-ssl-base.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-base.c Fri Oct 25 00:02:50 2013 +0200
@@ -33,6 +33,7 @@
 base->func_data = user_data;
 base->data_notify = notify;
 base->fingerprint[0] = '\0';
+ base->cipher_list = NULL;
 if (expected_fingerprint) {
 base->expected_fingerprint = g_memdup (expected_fingerprint, 16);
@@ -49,8 +50,18 @@
 }
 void
+_lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list)
+{
+ if (base->cipher_list)
+ g_free (base->cipher_list);
+ base->cipher_list = g_strdup (cipher_list);
+}
+
+void
 _lm_ssl_base_free_fields (LmSSLBase *base)
 {
 g_free (base->expected_fingerprint);
+ g_free (base->cipher_list);
 }
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl-base.h
--- a/loudmouth/lm-ssl-base.h Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-base.h Fri Oct 25 00:02:50 2013 +0200
@@ -30,6 +30,7 @@
 LmSSLFunction func;
 gpointer func_data;
 GDestroyNotify data_notify;
+ gchar *cipher_list;
 gchar *expected_fingerprint;
 char fingerprint[20];
 gboolean use_starttls;
@@ -44,6 +45,9 @@
 gpointer user_data, GDestroyNotify notify);
+void _lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list);
+
 void _lm_ssl_base_free_fields (LmSSLBase *base);
 #endif /* __LM_SSL_BASE_H__ */
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl-generic.c
--- a/loudmouth/lm-ssl-generic.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-generic.c Fri Oct 25 00:02:50 2013 +0200
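Review bot: `_lm_ssl_base_set_cipher_list` frees the stored string before it duplicates the new one, so a caller that hands the currently stored pointer back in would make `g_strdup` read freed memory. No getter for the field is visible in this patch, so this may not be reachable today, but duplicating first removes the hazard: `gchar *copy = g_strdup (cipher_list);`, `g_free (base->cipher_list);`, `base->cipher_list = copy;`. That also drops the `if (base->cipher_list)` guard, which is redundant because `g_free` accepts NULL, as the unguarded call added to `_lm_ssl_base_free_fields` in this same hunk already relies on. A one-line comment such as `/* Takes a copy; NULL clears the stored list. */` would document the ownership.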
@@ -92,7 +92,6 @@
 #endif /* HAVE_SSL */
-
 /**
 * lm_ssl_new:
 * @expected_fingerprint: The expected fingerprint. @ssl_function will be called if there is a mismatch. %NULL if you are not interested in this check.
@@ -169,6 +168,13 @@
 return ssl;
 }
+void
+lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list)
+{
+ _lm_ssl_base_set_cipher_list(LM_SSL_BASE(ssl), cipher_list);
+}
+
 /**
 * lm_ssl_use_starttls:
 * @ssl: an #LmSSL
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl-gnutls.c
--- a/loudmouth/lm-ssl-gnutls.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-gnutls.c Fri Oct 25 00:02:50 2013 +0200
@@ -195,10 +195,16 @@
 _lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
 {
 int ret;
+ LmSSLBase *base;
 gboolean auth_ok = TRUE;
+ base = LM_SSL_BASE(ssl);
 gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
- gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL)
+ if (base->cipher_list) {
+ gnutls_priority_set_direct (ssl->gnutls_session, base->cipher_list, NULL);
+ } else {
+ gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL);
+ }
 gnutls_credentials_set (ssl->gnutls_session, GNUTLS_CRD_CERTIFICATE, ssl->gnutls_xcred);
@@ -229,6 +235,10 @@
 return FALSE;
 }
+ lm_verbose ("GNUTLS negotiated cipher suite: %s",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(ssl->gnutls_session),
+ gnutls_cipher_get(ssl->gnutls_session),
+ gnutls_mac_get(ssl->gnutls_session)));
 lm_verbose ("GNUTLS negotiated compression: %s", gnutls_compression_get_name (gnutls_compression_get (ssl->gnutls_session)));
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl-openssl.c
--- a/loudmouth/lm-ssl-openssl.c Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl-openssl.c Fri Oct 25 00:02:50 2013 +0200
@@ -332,7 +332,9 @@
 {
 gint ssl_ret;
 GIOStatus status;
+ LmSSLBase *base;
+ base = LM_SSL_BASE(ssl);
 if (!ssl->ssl_ctx) {
 g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
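Review bot: `lm_ssl_set_cipher_list` is added as exported API without the gtk-doc block that `lm_ssl_new` and `lm_ssl_use_starttls` carry in the surrounding context, and its contract cannot be guessed from the name. The comment should state that the string is passed to the TLS backend unchanged, so it is a GnuTLS priority string when built against GnuTLS and an OpenSSL cipher string when built against OpenSSL, and that the two syntaxes are not interchangeable. It should also say that the string is copied, that NULL clears it, and that it is only read when the TLS session is set up, so it has to be set before connecting. Because the function returns void and validates nothing, the application cannot learn here that its string is unusable, which leaves the backend setup code as the only place a bad policy can be reported. If the other setters in this file guard their arguments, `g_return_if_fail (ssl != NULL);` as the first statement would match them.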
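Review bot: The result of `gnutls_priority_set_direct` is discarded in both new branches of `_lm_ssl_begin`, so a caller-supplied priority string that GnuTLS rejects produces no error and the handshake goes ahead with whatever priorities the session is left with instead of the restricted set the application asked for. Since the setter exists so applications can narrow the allowed suites, a rejected string should fail the connection through `error` rather than be ignored. The OpenSSL hunk at `@@ -340,6 +342,9 @@` in lm-ssl-openssl.c has the same gap: `SSL_CTX_set_cipher_list` returns 0 when no cipher could be selected, so the call there should be tested with `!= 1` and reported the same way. `_lm_ssl_begin` continues past the end of this hunk, so any session cleanup on the new error path should follow what the existing failure return does.

```c
	int ret;
	/* … unchanged: base and auth_ok declarations, gnutls_init … */
	ret = gnutls_priority_set_direct (ssl->gnutls_session,
	                                  base->cipher_list ? base->cipher_list : "NORMAL",
	                                  NULL);
	if (ret != GNUTLS_E_SUCCESS) {
		/* Refuse to connect rather than negotiate with priorities
		 * the application did not ask for. */
		g_set_error (error,
		             LM_ERROR, LM_ERROR_CONNECTION_OPEN,
		             "Invalid GnuTLS priority string: %s",
		             gnutls_strerror (ret));
		return FALSE;
	}
	/* … unchanged: gnutls_credentials_set … */
```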
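Review bot: The new `lm_verbose` call passes the result of `gnutls_cipher_suite_get_name` straight to `%s`, and that function is documented to return NULL when the three algorithm values do not name a known suite. This is unlikely directly after a successful handshake, but assuming `lm_verbose` is printf-style, a NULL argument for `%s` is not portable. Holding the result in a local and logging `suite ? suite : "(unknown)"` keeps the diagnostic safe.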
@@ -340,6 +342,9 @@
 return FALSE;
 }
+ if (base->cipher_list) {
+ SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list);
+ }
 ssl->ssl = SSL_new(ssl->ssl_ctx);
 if (ssl->ssl == NULL) {
 g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "SSL_new() == NULL");
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/lm-ssl.h
--- a/loudmouth/lm-ssl.h Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/lm-ssl.h Fri Oct 25 00:02:50 2013 +0200
@@ -123,6 +123,9 @@
 gboolean lm_ssl_is_supported (void);
+void lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list);
+
 const gchar * lm_ssl_get_fingerprint (LmSSL *ssl);
 void lm_ssl_use_starttls (LmSSL *ssl,
diff -r 96edb03ec74e -r a51209f570b6 loudmouth/loudmouth.sym
--- a/loudmouth/loudmouth.sym Thu Oct 24 21:50:13 2013 +0200
+++ b/loudmouth/loudmouth.sym Fri Oct 25 00:02:50 2013 +0200
@@ -90,6 +90,7 @@
 lm_ssl_new
 lm_ssl_ref
 lm_ssl_unref
+lm_ssl_set_cipher_list
 lm_ssl_use_starttls
 lm_utils_get_localtime
 lm_sha_hash
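Review bot: The cipher string is written into `ssl->ssl_ctx`, which exists before this function runs, and only when `base->cipher_list` is non-NULL, so the two backends disagree on what clearing the list means. The GnuTLS path falls back to `"NORMAL"`, while here a context that already had a list applied would keep it; that assumes the context is reused across connections, which this hunk does not show. Applying the list to the per-connection object after the `SSL_new` NULL check avoids mutating the context and lets the result be checked in one place: `if (base->cipher_list && SSL_set_cipher_list (ssl->ssl, base->cipher_list) != 1)`, with the body setting `error` and returning FALSE. The enclosing function starts before this hunk and continues after it.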