TLS: Reject openssl_ciphers parameter in non-OpenSSL cases

This TLS configuration parameter is explicitly for OpenSSL. Instead of ignoring it silently, reject any configuration trying to use it in builds that use other options for TLS implementation. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 01:35:54 +02:00 · 2015-01-11 01:35:54 +02:00 · 224104ddf6
commit 224104ddf6
parent b09baf37cf
3 changed files with 15 additions and 0 deletions
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@ -423,6 +423,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}

+	if (params->openssl_ciphers) {
+		wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+		return -1;
+	}
+
 	/* TODO: gnutls_certificate_set_verify_flags(xcred, flags); 
 	 * to force peer validation(?) */

--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@ -205,6 +205,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}

+	if (params->openssl_ciphers) {
+		wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+		return -1;
+	}
+
 	if (tlsv1_set_ca_cert(cred, params->ca_cert,
 			      params->ca_cert_blob, params->ca_cert_blob_len,
 			      params->ca_path)) {
--- a/src/crypto/tls_schannel.c
+++ b/src/crypto/tls_schannel.c
@ -707,6 +707,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}

+	if (params->openssl_ciphers) {
+		wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+		return -1;
+	}
+
 	if (global->my_cert_store == NULL &&
 	    (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) ==
 	    NULL) {