You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
4.0 KiB
82 lines
4.0 KiB
5 years ago
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf
|
||
|
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf.orig 2016-07-27 16:03:55.000000000 +0200
|
||
|
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf 2017-10-02 12:22:14.132019954 +0200
|
||
|
|
@@ -45,6 +45,10 @@ ssl_disabled_protocols = SSLv2 SSLv3
|
||
|
|
# set these to enable basic authentication against a local datbase
|
||
|
|
#basic_password_file = /etc/openwsman/simple_auth.passwd
|
||
|
|
|
||
|
|
+# SSL cipher list
|
||
|
|
+# see 'ciphers' in the OpenSSL documentation
|
||
|
|
+#ssl_cipher_list =
|
||
|
|
+
|
||
|
|
max_threads = 0
|
||
|
|
max_connections_per_thread = 20
|
||
|
|
#thread_stack_size=262144
|
||
|
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c
|
||
|
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig 2017-10-02 12:26:03.160273923 +0200
|
||
|
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c 2017-10-02 12:28:01.700405369 +0200
|
||
|
|
@@ -1472,6 +1472,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
|
||
|
|
void *lib;
|
||
|
|
struct ssl_func *fp;
|
||
|
|
char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols();
|
||
|
|
+ char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list();
|
||
|
|
int retval = FALSE;
|
||
|
|
|
||
|
|
/* Initialize SSL crap */
|
||
|
|
@@ -1530,6 +1531,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch
|
||
|
|
ssl_disabled_protocols = blank_ptr + 1;
|
||
|
|
}
|
||
|
|
|
||
|
|
+ if (ssl_cipher_list) {
|
||
|
|
+ int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
|
||
|
|
+ if (rc != 0) {
|
||
|
|
+ _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
|
||
|
|
+ }
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
ctx->ssl_ctx = CTX;
|
||
|
|
|
||
|
|
return (retval);
|
||
|
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c
|
||
|
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c.orig 2017-10-02 12:23:24.487097973 +0200
|
||
|
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c 2017-10-02 12:24:57.701201336 +0200
|
||
|
|
@@ -79,6 +79,7 @@ static char *ssl_key_file = NULL;
|
||
|
|
static char *service_path = DEFAULT_SERVICE_PATH;
|
||
|
|
static char *ssl_cert_file = NULL;
|
||
|
|
static char *ssl_disabled_protocols = NULL;
|
||
|
|
+static char *ssl_cipher_list = NULL;
|
||
|
|
static char *pid_file = DEFAULT_PID_PATH;
|
||
|
|
static char *uri_subscription_repository = DEFAULT_SUBSCRIPTION_REPOSITORY;
|
||
|
|
static int daemon_flag = 0;
|
||
|
|
@@ -178,6 +179,7 @@ int wsmand_read_config(dictionary * ini)
|
||
|
|
ssl_key_file = iniparser_getstr(ini, "server:ssl_key_file");
|
||
|
|
ssl_cert_file = iniparser_getstr(ini, "server:ssl_cert_file");
|
||
|
|
ssl_disabled_protocols = iniparser_getstr(ini, "server:ssl_disabled_protocols");
|
||
|
|
+ ssl_cipher_list = iniparser_getstr(ini, "server:ssl_cipher_list");
|
||
|
|
use_ipv4 = iniparser_getboolean(ini, "server:ipv4", 1);
|
||
|
|
#ifdef ENABLE_IPV6
|
||
|
|
use_ipv6 = iniparser_getboolean(ini, "server:ipv6", 1);
|
||
|
|
@@ -348,6 +350,11 @@ char *wsmand_options_get_ssl_disabled_pr
|
||
|
|
return ssl_disabled_protocols;
|
||
|
|
}
|
||
|
|
|
||
|
|
+char *wsmand_options_get_ssl_cipher_list(void)
|
||
|
|
+{
|
||
|
|
+ return ssl_cipher_list;
|
||
|
|
+}
|
||
|
|
+
|
||
|
|
int wsmand_options_get_digest(void)
|
||
|
|
{
|
||
|
|
return use_digest;
|
||
|
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h
|
||
|
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h.orig 2017-10-02 12:25:06.792211418 +0200
|
||
|
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h 2017-10-02 12:25:30.629237848 +0200
|
||
|
|
@@ -77,6 +77,7 @@ int wsmand_options_get_server_ssl_port(v
|
||
|
|
char *wsmand_options_get_ssl_key_file(void);
|
||
|
|
char *wsmand_options_get_ssl_cert_file(void);
|
||
|
|
char *wsmand_options_get_ssl_disabled_protocols(void);
|
||
|
|
+char *wsmand_options_get_ssl_cipher_list(void);
|
||
|
|
int wsmand_options_get_digest(void);
|
||
|
|
char *wsmand_options_get_digest_password_file(void);
|
||
|
|
char *wsmand_options_get_basic_password_file(void);
|