diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index c616abd4..a7a71cdb 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -45,8 +45,6 @@
 #include "mbedtls_embedded_data.h"
-#define RB_MAX_CIPHERSUITES 512
-
 typedef struct
 {
 mbedtls_x509_crt crt;
@@ -54,7 +52,6 @@ typedef struct
 mbedtls_dhm_context dhp;
 mbedtls_ssl_config server_cfg;
 mbedtls_ssl_config client_cfg;
- int suites[RB_MAX_CIPHERSUITES + 1];
 size_t refcount;
 } rb_mbedtls_cfg_context;
@@ -135,8 +132,6 @@ static rb_mbedtls_cfg_context *rb_mbedtls_cfg_new(void)
 mbedtls_ssl_config_init(&cfg->server_cfg);
 mbedtls_ssl_config_init(&cfg->client_cfg);
- (void) memset(cfg->suites, 0x00, sizeof cfg->suites);
-
 cfg->refcount = 1;
 if((ret = mbedtls_ssl_config_defaults(&cfg->server_cfg,
@@ -510,59 +505,7 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 return 0;
 }
- if(cipher_list != NULL)
- {
- // The cipher_list is (const char *) -- we should not modify it
- char *const cipher_list_dup = strdup(cipher_list);
-
- if(cipher_list_dup == NULL)
- {
- rb_lib_log("rb_setup_ssl_server: strdup: %s", strerror(errno));
- rb_lib_log("rb_setup_ssl_server: will not configure ciphersuites!");
- }
- else
- {
- size_t suites_count = 0;
- char *cipher_str = cipher_list_dup;
-
- while(*cipher_str != '\0' && suites_count < RB_MAX_CIPHERSUITES)
- {
- // Arbitrary, but the same separator as OpenSSL uses
- char *const cipher_idx = strchr(cipher_str, ':');
-
- // This could legitimately be NULL (last ciphersuite in the list)
- if(cipher_idx != NULL)
- *cipher_idx = '\0';
-
- size_t cipher_len = strlen(cipher_str);
- int cipher_idn = 0;
-
- // All MbedTLS ciphersuite names begin with these 4 characters
- if(cipher_len > 4 && strncmp(cipher_str, "TLS-", 4) == 0)
- cipher_idn = mbedtls_ssl_get_ciphersuite_id(cipher_str);
-
- // Prevent the same ciphersuite being added multiple times
- for(size_t x = 0; cipher_idn != 0 && newcfg->suites[x] != 0; x++)
- if(newcfg->suites[x] == cipher_idn)
- cipher_idn = 0;
-
- // Add the suite to the list
- if(cipher_idn != 0)
- newcfg->suites[suites_count++] = cipher_idn;
-
- // Advance the string to the next entry -- this could end the loop
- cipher_str += (cipher_len + 1);
- }
-
- if(suites_count > 0)
- {
- mbedtls_ssl_conf_ciphersuites(&newcfg->server_cfg, newcfg->suites);
- mbedtls_ssl_conf_ciphersuites(&newcfg->client_cfg, newcfg->suites);
- }
-
- free(cipher_list_dup);
- }
- }
+ /* XXX support cipher lists when added to mbedtls */
 rb_mbedtls_cfg_decref(rb_mbedtls_cfg);
 rb_mbedtls_cfg = newcfg;
diff --git a/src/s_serv.c b/src/s_serv.c
index 13c93c3c..65058d1d 100644
--- a/src/s_serv.c
+++ b/src/s_serv.c
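Review bot: With the parsing block gone, `cipher_list` is silently ignored at the new `/* XXX support cipher lists when added to mbedtls */` comment, so an operator who configured a restricted suite list gets the MbedTLS default ciphersuites on both `server_cfg` and `client_cfg` with nothing in the log to say so. I would replace the bare comment with `if(cipher_list != NULL) rb_lib_log("rb_setup_ssl_server: cipher list is not supported by the MbedTLS backend; using library defaults");`. The comment should also state why the feature was dropped, since the removed code already called `mbedtls_ssl_conf_ciphersuites()`. rb_setup_ssl_server starts and ends outside the hunk, so that `cipher_list` is still a parameter is assumed from the removed lines.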
@@ -800,7 +800,7 @@ server_estab(struct Client *client_p)
 EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 /* pass info to new server */
- send_capabilities(client_p, default_server_capabs | CAP_MASK
+ send_capabilities(client_p, default_server_capabs
 | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
 | (ServerConfTb(server_p) ? CAP_TB : 0));
@@ -1357,7 +1357,7 @@ serv_connect_callback(rb_fde_t *F, int status, void *data)
 EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 /* pass my info to the new server */
- send_capabilities(client_p, default_server_capabs | CAP_MASK
+ send_capabilities(client_p, default_server_capabs
 | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
 | (ServerConfTb(server_p) ? CAP_TB : 0));
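Review bot: The capability expression passed to `send_capabilities()` in server_estab is repeated token for token in serv_connect_callback (second hunk), so the inbound and outbound link paths can drift apart the next time only one of them is edited, and peers would then be offered different capability sets depending on which side initiated the link. Neither call site explains why `CAP_MASK` was dropped, and the definitions of `CAP_MASK` and `default_server_capabs` are outside the hunks, so what is no longer advertised cannot be confirmed from here. I would put a comment above both calls, e.g. `/* advertise only default_server_capabs plus per-link ZIP/TB; keep in sync with the other link path */`, or move the expression into one static helper used by both. Both function bodies start and end outside the hunks.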