mirror of https://github.com/matrix-construct/construct synced 2024-11-16 15:00:51 +01:00

ircd::net::acceptor: Add conf::item to specify a default whitelist of ciphers in openssl format.

Jason Volk 2019-03-12 17:27:56 -07:00
parent a81038acfa
commit 969a15c341
2 changed files with 14 additions and 0 deletions


@ -25,6 +25,7 @@ struct ircd::net::acceptor
static log::log log; static log::log log;
static conf::item<milliseconds> timeout; static conf::item<milliseconds> timeout;
static conf::item<std::string> ssl_cipher_list;
net::listener *listener_; net::listener *listener_;
std::string name; std::string name;
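Review bot: The new `ssl_cipher_list` declaration carries no comment saying what the string holds or what an empty value does. Going by the definition and the `configure()` hunk in the other file, it is an OpenSSL cipher-list string whose empty default skips the `set_cipher_list` call, and it is consulted only in the `else` of the branch that already sets a list. I would add above the declaration: `/// Default cipher whitelist in OpenSSL cipher-list format; empty applies nothing. Used only when configure() has not already set a list for this listener.` The struct body starts and ends outside this hunk.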


@ -1102,6 +1102,13 @@ ircd::net::acceptor::timeout
{ "default", 12000L }, { "default", 12000L },
}; };
decltype(ircd::net::acceptor::ssl_cipher_list)
ircd::net::acceptor::ssl_cipher_list
{
{ "name", "ircd.net.acceptor.ssl.cipher.list" },
{ "default", string_view{} },
};
std::ostream & std::ostream &
ircd::net::operator<<(std::ostream &s, const acceptor &a) ircd::net::operator<<(std::ostream &s, const acceptor &a)
{ {
@ -1559,6 +1566,12 @@ ircd::net::acceptor::configure(const json::object &opts)
assert(ssl.native_handle()); assert(ssl.native_handle());
openssl::set_cipher_list(*ssl.native_handle(), list); openssl::set_cipher_list(*ssl.native_handle(), list);
} }
else if(!empty(string_view(ssl_cipher_list)))
{
assert(ssl.native_handle());
const string_view &list(ssl_cipher_list);
openssl::set_cipher_list(*ssl.native_handle(), list);
}
if(!empty(unquote(opts["ssl_curve_list"]))) if(!empty(unquote(opts["ssl_curve_list"])))
{ {
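Review bot: The default whitelist applied in the new `else if` branch of `configure()` may leave TLSv1.3 ciphersuites unrestricted. The body of `openssl::set_cipher_list` is not shown, but if it maps onto OpenSSL's `SSL_CTX_set_cipher_list`, that call only governs TLSv1.2 and earlier, and TLSv1.3 suites are set separately through `SSL_CTX_set_ciphersuites`. An operator who sets `ircd.net.acceptor.ssl.cipher.list` expecting a complete whitelist would then still negotiate TLSv1.3 suites outside it. Either extend the wrapper or say so at the branch, e.g. `// NOTE: restricts <= TLSv1.2 suites only; TLSv1.3 suites are not covered by this list`. The value is also read only when `configure()` runs, so a later change to the item presumably does not reach acceptors that are already configured; `configure()` begins and ends outside this hunk.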