MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
These ones are used to set the default ciphers suite on "bind" lines and
"server" lines respectively, instead of using OpenSSL's defaults. These
are probably mainly useful for distro packagers.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 88c6300..9d47dae 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4313,6 +4313,9 @@
#ifdef USE_OPENSSL
newsrv->use_ssl = 1;
cur_arg += 1;
+
+ if (global.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
+ newsrv->ssl_ctx.ciphers = strdup(global.connect_default_ciphers);
#else /* USE_OPENSSL */
Alert("parsing [%s:%d]: '%s' option not implemented.\n",
file, linenum, args[cur_arg]);
@@ -4324,6 +4327,9 @@
#ifdef USE_OPENSSL
newsrv->check.use_ssl = 1;
cur_arg += 1;
+
+ if (global.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
+ newsrv->ssl_ctx.ciphers = strdup(global.connect_default_ciphers);
#else /* USE_OPENSSL */
Alert("parsing [%s:%d]: '%s' option not implemented.\n",
file, linenum, args[cur_arg]);
@@ -4340,6 +4346,7 @@
goto out;
}
+ free(newsrv->ssl_ctx.ciphers);
newsrv->ssl_ctx.ciphers = strdup(args[cur_arg + 1]);
cur_arg += 2;