Index: Changes
authorstskeeps <redacted>
Thu, 17 May 2007 10:52:42 +0000 (10:52 +0000)
committerstskeeps <redacted>
Thu, 17 May 2007 10:52:42 +0000 (10:52 +0000)
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2404
diff -u -r1.1.1.1.2.1.2.1.2.2404 Changes
--- Changes 17 May 2007 09:56:42 -0000 1.1.1.1.2.1.2.1.2.2404
+++ Changes 17 May 2007 10:52:33 -0000
@@ -1707,3 +1707,4 @@
   through this under load, and speeding up connection).
 - IRCd now also sets the &me fd as being non blocking (wasn't before, that
   was odd..)
+- Added set::ssl::server-cipher-list, #002368 requested by Beastie

Changes
include/dynconf.h
src/s_conf.c
src/ssl.c

diff --git a/Changes b/Changes
index 681d33ee4e7ef253b24deebb0e04939e0660740e..d643a8e79c34de672f7f1f19b3d88bb967ecf37e 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1707,3 +1707,4 @@ MOTDs
   through this under load, and speeding up connection).
 - IRCd now also sets the &me fd as being non blocking (wasn't before, that
   was odd..)
+- Added set::ssl::server-cipher-list, #002368 requested by Beastie
index e0e0267850d4e8c192810ee3610fcaf14b86ec4d..37fa92d821fbd04703ac67fd232d47fe60d96431 100644 (file)
@@ -75,7 +75,7 @@ struct zConfiguration {
        unsigned mkpasswd_for_everyone:1;
        unsigned allow_part_if_shunned:1;
        unsigned check_target_nick_bans:1;
-       unsigned use_egd;
+       unsigned use_egd : 1;
        long host_timeout;
        int  host_retries;
        char *name_server;
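Review bot: The narrowing of `use_egd` from a plain `unsigned` to `unsigned use_egd : 1;` is unrelated to the cipher-list option and is not mentioned in the Changes entry. A one-bit unsigned field keeps only the low bit of whatever is assigned and cannot have its address taken, so any code outside this hunk that stores a value other than 0 or 1, or passes `&...use_egd`, would change behaviour or stop compiling. That is worth a quick grep before merging. If the change is intended, put it in its own commit or add a comment such as `/* boolean: set when set::ssl::egd is configured */` on the member. struct zConfiguration starts and ends outside the hunk.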
@@ -101,10 +101,11 @@ struct zConfiguration {
 #ifdef USE_SSL
        char *x_server_cert_pem;
        char *x_server_key_pem;
+       char *x_server_cipher_list;
        char *trusted_ca_file;
        long ssl_options;
 #elif defined(_WIN32)
-       void *bogus1, *bogus2, *bogus3;
+       void *bogus1, *bogus2, *bogus3, *bogus5;
        long bogus4;
 #endif
        enum UHAllowed userhost_allowed;
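Review bot: The new member `x_server_cipher_list` and its `_WIN32` counterpart `bogus5` are added without any comment, and the placeholder line appears to depend on an unwritten rule that the bogus members mirror the USE_SSL members one for one. I would document the member with `/* OpenSSL cipher string from set::ssl::server-cipher-list; NULL when not configured */`. The placeholder line could carry `/* placeholders: keep count and types in step with the USE_SSL branch above */`, so the next person adding an SSL field does not forget the padding. The struct continues outside the hunk.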
@@ -269,6 +270,7 @@ struct SetCheck {
        unsigned has_mkpasswd_for_everyone:1;
        unsigned has_allow_part_if_shunned:1;
        unsigned has_ssl_egd:1;
+       unsigned has_ssl_server_cipher_list :1;
        unsigned has_dns_timeout:1;
        unsigned has_dns_retries:1;
        unsigned has_dns_nameserver:1;
index 106e0fd0d072d8406642cb6358eab99228d80414..f90f5d0b461909c5155d829862c5f22c0d578695 100644 (file)
@@ -1273,6 +1273,7 @@ void      free_iConf(aConfiguration *i)
 #ifdef USE_SSL
        ircfree(i->x_server_cert_pem);
        ircfree(i->x_server_key_pem);
+       ircfree(i->x_server_cipher_list);
        ircfree(i->trusted_ca_file);
 #endif 
        ircfree(i->restrict_usermodes);
@@ -6872,6 +6873,10 @@ int      _conf_set(ConfigFile *conf, ConfigEntry *ce)
                                        if (cepp->ce_vardata)
                                                tempiConf.egd_path = strdup(cepp->ce_vardata);
                                }
+                               else if (!strcmp(cepp->ce_varname, "server-cipher-list"))
+                               {
+                                       ircstrdup(tempiConf.x_server_cipher_list, cepp->ce_vardata);
+                               }
                                else if (!strcmp(cepp->ce_varname, "certificate"))
                                {
                                        ircstrdup(tempiConf.x_server_cert_pem, cepp->ce_vardata);       
@@ -7775,6 +7780,11 @@ int      _test_set(ConfigFile *conf, ConfigEntry *ce)
                                if (!strcmp(cepp->ce_varname, "egd")) {
                                        CheckDuplicate(cep, ssl_egd, "ssl::egd");
                                }
+                               else if (!strcmp(cepp->ce_varname, "server-cipher-list"))
+                               {
+                                       CheckNull(cepp);
+                                       CheckDuplicate(cep, ssl_server_cipher_list, "ssl:server-cipher-list");
+                               }
                                else if (!strcmp(cepp->ce_varname, "certificate"))
                                {
                                        CheckNull(cepp);
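Review bot: The duplicate-check label is written `"ssl:server-cipher-list"` with a single colon, while the neighbouring entry uses `"ssl::egd"`. It should read `CheckDuplicate(cep, ssl_server_cipher_list, "ssl::server-cipher-list");` so the error names the real directive. The test also only rejects an empty value, so a cipher string that OpenSSL cannot parse passes the configuration test. It is caught only later, where the ssl.c hunk calls SSL_CTX_set_cipher_list and jumps to `fail`. Checking the string at test time, for example against a scratch SSL_CTX, would report it as a configuration error with file and line. _test_set starts and ends outside the hunk.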
index 207a11987bdedafeb5aed5181f7f04221c39b7cc..00f30e4df765e4883a87201ac28d52459156cc3f 100644 (file)
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -215,6 +215,14 @@ SSL_CTX *ctx_server;
                mylog("Failed to check SSL private key");
                goto fail;
        }
+       if (iConf.x_server_cipher_list)
+       {
+                if (SSL_CTX_set_cipher_list(ctx_server, iConf.x_server_cipher_list) == 0)
+                {
+                    mylog("Failed to set SSL cipher list for clients");
+                    goto fail;
+                }
+       }
        if (iConf.trusted_ca_file)
        {
                if (!SSL_CTX_load_verify_locations(ctx_server, iConf.trusted_ca_file, NULL))
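Review bot: When `set::ssl::server-cipher-list` is not configured the new block is skipped, so ctx_server keeps the OpenSSL library default cipher list, which on older OpenSSL builds may still admit weak suites. A comment above the block such as `/* unset: ctx_server keeps OpenSSL's default cipher list */`, plus a conservative value in the example configuration, would make that explicit. The failure message says "for clients" although the list is applied to ctx_server, and it names neither the rejected string nor the OpenSSL error, so a typo in the directive would be hard to diagnose. If mylog accepts a format string (not visible here), `mylog("Failed to set SSL cipher list '%s' on ctx_server", iConf.x_server_cipher_list);` would help. The enclosing function starts and ends outside the hunk.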