From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 25 Oct 2015 15:28:20 +0000
Subject: Fix error that was not allowing cipher suite fallback for
opportunistic TLS.
---
src/stub.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/stub.c b/src/stub.c
index 15fc395..c37fb47 100644
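--- a/src/stub.c
+++ b/src/stub.c
@@ -913,7 +913,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback);
 else {
 SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback);
- SSL_CTX_set_cipher_list(context->tls_ctx, NULL);
+ SSL_set_cipher_list(ssl, "DEFAULT");
 }
 } else {
 /* Lack of host name is OK unless only authenticated TLS is specified*/
@@ -926,7 +926,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 DEBUG_STUB("--- %s, PROCEEDING WITHOUT HOSTNAME VALIDATION!!\n", __FUNCTION__);
 upstream->tls_auth_failed = 1;
 SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback);
- SSL_CTX_set_cipher_list(context->tls_ctx, NULL);
+ SSL_set_cipher_list(ssl, "DEFAULT");
 }
 }
 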
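Review bot: The return value of `SSL_set_cipher_list(ssl, "DEFAULT")` is ignored in both fallback branches (the `else` branch in the first hunk and the no-hostname branch in the second); the call returns 0 when no cipher could be selected, in which case the session silently keeps the list inherited from the context and the fallback this commit is meant to enable does not take effect. I would check it and at least log the failure, e.g. `if (!SSL_set_cipher_list(ssl, "DEFAULT")) DEBUG_STUB("--- %s, cipher list fallback failed\n", __FUNCTION__);`. "DEFAULT" resolves to whatever the linked OpenSSL build defines, so a short comment such as `/* opportunistic: peer not verified, library-default ciphers */` next to each call would make it explicit that these branches trade the stricter list for reachability. tls_create_object starts and ends outside both hunks, so the stricter list configured on the context is not visible here and the width of the fallback cannot be judged from this patch alone.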