authorJo-Philipp Wich <jo@mein.io>2020-02-15 21:35:40 +0100
committerJo-Philipp Wich <jo@mein.io>2020-02-15 23:47:00 +0100
commit5fc551d620bb353dbac68fe4d23da12784575118 (patch)
tree3809453943aa538ed987faebc4f728ab201b6c62 /tls.c
parent2ee323c01079248baa9465969df9e25b5fb68cdf (diff)
tls: support specifying accepted TLS ciphers
Introduce a new `-P` option which allows specifying a colon separated list of accepted TLS ciphers. Depending on the underlying ustream-ssl provider, the list either follows OpenSSL's cipher string format or, in case of mbedTLS, is a simple colon separated cipher whitelist. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/tls.c b/tls.c
index d969b82..1da0881 100644
--- a/tls.c
+++ b/tls.c
@@ -31,7 +31,7 @@ static struct ustream_ssl_ops *ops;
static void *dlh;
static void *ctx;
-int uh_tls_init(const char *key, const char *crt)
+int uh_tls_init(const char *key, const char *crt, const char *ciphers)
{
static bool _init = false;
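Review bot: The new `ciphers` parameter of uh_tls_init has no comment stating its contract, and the accepted format differs by backend according to the commit message. A comment above the signature such as `/* ciphers: colon separated list in the syntax of the loaded ustream-ssl provider; NULL leaves the provider's cipher selection untouched */` would record this; the NULL case is inferred from the `ciphers &&` test in the later hunk. The function body continues past the end of this hunk.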
@@ -63,6 +63,11 @@ int uh_tls_init(const char *key, const char *crt)
return -EINVAL;
}
+ if (ciphers && ops->context_set_ciphers(ctx, ciphers)) {
+ fprintf(stderr, "No recognized ciphers in cipher list\n");
+ return -EINVAL;
+ }
+
return 0;
}
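Review bot: The added call through `ops->context_set_ciphers` does not check that the loaded provider supplies that hook, so a ustream-ssl build that leaves it unset would presumably fault when `-P` is given instead of returning an error. A guard such as `if (ciphers && (!ops->context_set_ciphers || ops->context_set_ciphers(ctx, ciphers))) {` keeps the fail-closed `-EINVAL` path. Whether an older library with a shorter ops table can be loaded here is not visible in the hunk; that case would need a version requirement rather than a NULL test. Only a NULL `ciphers` skips the call, so an empty string is still handed to the provider and the result then depends on the backend. uh_tls_init starts outside this hunk.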