Revert "Backport c1fc044c to release/3.5"

This reverts commit c9c2d6ea12.

This commit included some as yet untested and unrelated code by mistake.

libratbox/src/mbedtls.c

@@ -45,8 +45,6 @@
 
 #include "mbedtls_embedded_data.h"
 
-#define RB_MAX_CIPHERSUITES 512
-
 typedef struct
 {
 	mbedtls_x509_crt	 crt;
@@ -54,7 +52,6 @@ typedef struct
 	mbedtls_dhm_context	 dhp;
 	mbedtls_ssl_config	 server_cfg;
 	mbedtls_ssl_config	 client_cfg;
-	int			 suites[RB_MAX_CIPHERSUITES + 1];
 	size_t			 refcount;
 } rb_mbedtls_cfg_context;
 
@@ -135,8 +132,6 @@ static rb_mbedtls_cfg_context *rb_mbedtls_cfg_new(void)
 	mbedtls_ssl_config_init(&cfg->server_cfg);
 	mbedtls_ssl_config_init(&cfg->client_cfg);
 
-	(void) memset(cfg->suites, 0x00, sizeof cfg->suites);
-
 	cfg->refcount = 1;
 
 	if((ret = mbedtls_ssl_config_defaults(&cfg->server_cfg,
@@ -510,59 +505,7 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 		return 0;
 	}
 
-	if(cipher_list != NULL)
+	/* XXX support cipher lists when added to mbedtls */
-	{
-		// The cipher_list is (const char *) -- we should not modify it
-		char *const cipher_list_dup = strdup(cipher_list);
-
-		if(cipher_list_dup == NULL)
-		{
-			rb_lib_log("rb_setup_ssl_server: strdup: %s", strerror(errno));
-			rb_lib_log("rb_setup_ssl_server: will not configure ciphersuites!");
-		}
-		else
-		{
-			size_t suites_count = 0;
-			char *cipher_str = cipher_list_dup;
-
-			while(*cipher_str != '\0' && suites_count < RB_MAX_CIPHERSUITES)
-			{
-				// Arbitrary, but the same separator as OpenSSL uses
-				char *const cipher_idx = strchr(cipher_str, ':');
-
-				// This could legitimately be NULL (last ciphersuite in the list)
-				if(cipher_idx != NULL)
-					*cipher_idx = '\0';
-
-				size_t cipher_len = strlen(cipher_str);
-				int cipher_idn = 0;
-
-				// All MbedTLS ciphersuite names begin with these 4 characters
-				if(cipher_len > 4 && strncmp(cipher_str, "TLS-", 4) == 0)
-					cipher_idn = mbedtls_ssl_get_ciphersuite_id(cipher_str);
-
-				// Prevent the same ciphersuite being added multiple times
-				for(size_t x = 0; cipher_idn != 0 && newcfg->suites[x] != 0; x++)
-					if(newcfg->suites[x] == cipher_idn)
-						cipher_idn = 0;
-
-				// Add the suite to the list
-				if(cipher_idn != 0)
-					newcfg->suites[suites_count++] = cipher_idn;
-
-				// Advance the string to the next entry -- this could end the loop
-				cipher_str += (cipher_len + 1);
-			}
-
-			if(suites_count > 0)
-			{
-				mbedtls_ssl_conf_ciphersuites(&newcfg->server_cfg, newcfg->suites);
-				mbedtls_ssl_conf_ciphersuites(&newcfg->client_cfg, newcfg->suites);
-			}
-
-			free(cipher_list_dup);
-		}
-	}
 
 	rb_mbedtls_cfg_decref(rb_mbedtls_cfg);
 	rb_mbedtls_cfg = newcfg;

src/s_serv.c

@@ -800,7 +800,7 @@ server_estab(struct Client *client_p)
 			   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
 		/* pass info to new server */
-		send_capabilities(client_p, default_server_capabs | CAP_MASK
+		send_capabilities(client_p, default_server_capabs
 				  | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
 				  | (ServerConfTb(server_p) ? CAP_TB : 0));
 
@@ -1357,7 +1357,7 @@ serv_connect_callback(rb_fde_t *F, int status, void *data)
 		   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
 	/* pass my info to the new server */
-	send_capabilities(client_p, default_server_capabs | CAP_MASK
+	send_capabilities(client_p, default_server_capabs
 			  | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
 			  | (ServerConfTb(server_p) ? CAP_TB : 0));