diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf |
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf.orig 2016-07-27 16:03:55.000000000 +0200 |
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/etc/openwsman.conf 2017-10-02 12:22:14.132019954 +0200 |
|
@@ -45,6 +45,10 @@ ssl_disabled_protocols = SSLv2 SSLv3 |
|
# set these to enable basic authentication against a local datbase |
|
#basic_password_file = /etc/openwsman/simple_auth.passwd |
|
|
|
+# SSL cipher list |
|
+# see 'ciphers' in the OpenSSL documentation |
|
+#ssl_cipher_list = |
|
+ |
|
max_threads = 0 |
|
max_connections_per_thread = 20 |
|
#thread_stack_size=262144 |
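Review bot: The new `ssl_cipher_list` comment block does not say what happens when the option is left unset, nor that an OpenSSL cipher string only governs TLS 1.2 and earlier. Judging by the shttpd.c hunk in this same patch, the value is applied only when it is set, so leaving it commented out presumably keeps the OpenSSL library default; the comment should say so. TLS 1.3 suites are configured through a separate OpenSSL API (1.1.1 and later), so operators should not assume this option restricts every negotiated suite. I would extend the comment to something like `# OpenSSL cipher string for TLSv1.2 and below; unset = library default` and show a commented example such as `#ssl_cipher_list = HIGH:!aNULL:!MD5`.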
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c |
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig 2017-10-02 12:26:03.160273923 +0200 |
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c 2017-10-02 12:28:01.700405369 +0200 |
|
@@ -1472,6 +1472,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch |
|
void *lib; |
|
struct ssl_func *fp; |
|
char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols(); |
|
+ char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list(); |
|
int retval = FALSE; |
|
|
|
/* Initialize SSL crap */ |
|
@@ -1530,6 +1531,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch |
|
ssl_disabled_protocols = blank_ptr + 1; |
|
} |
|
|
|
+ if (ssl_cipher_list) { |
|
+ int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list); |
|
+ if (rc != 0) { |
|
+ _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list); |
|
+ } |
|
+ } |
|
+ |
|
ctx->ssl_ctx = CTX; |
|
|
|
return (retval); |
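Review bot: The check `if (rc != 0)` after `SSL_CTX_set_cipher_list(CTX, ssl_cipher_list)` is inverted. That function returns 1 when at least one cipher was selected and 0 on failure, so this logs "Failed to set SSL cipher list" on every successful call and stays silent when the configured string is rejected. The condition should be `if (rc != 1) {`. On that failure path the code still goes on to `ctx->ssl_ctx = CTX;`, so a typo in `ssl_cipher_list` would leave the listener running without the restriction the operator intended. Consider treating it as a setup error (for example setting `retval = FALSE` and not continuing) instead of only logging; the start of `set_ssl`, and how `retval` is assigned, lie outside this hunk.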
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c |
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c.orig 2017-10-02 12:23:24.487097973 +0200 |
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.c 2017-10-02 12:24:57.701201336 +0200 |
|
@@ -79,6 +79,7 @@ static char *ssl_key_file = NULL; |
|
static char *service_path = DEFAULT_SERVICE_PATH; |
|
static char *ssl_cert_file = NULL; |
|
static char *ssl_disabled_protocols = NULL; |
|
+static char *ssl_cipher_list = NULL; |
|
static char *pid_file = DEFAULT_PID_PATH; |
|
static char *uri_subscription_repository = DEFAULT_SUBSCRIPTION_REPOSITORY; |
|
static int daemon_flag = 0; |
|
@@ -178,6 +179,7 @@ int wsmand_read_config(dictionary * ini) |
|
ssl_key_file = iniparser_getstr(ini, "server:ssl_key_file"); |
|
ssl_cert_file = iniparser_getstr(ini, "server:ssl_cert_file"); |
|
ssl_disabled_protocols = iniparser_getstr(ini, "server:ssl_disabled_protocols"); |
|
+ ssl_cipher_list = iniparser_getstr(ini, "server:ssl_cipher_list"); |
|
use_ipv4 = iniparser_getboolean(ini, "server:ipv4", 1); |
|
#ifdef ENABLE_IPV6 |
|
use_ipv6 = iniparser_getboolean(ini, "server:ipv6", 1); |
|
@@ -348,6 +350,11 @@ char *wsmand_options_get_ssl_disabled_pr |
|
return ssl_disabled_protocols; |
|
} |
|
|
|
+char *wsmand_options_get_ssl_cipher_list(void) |
|
+{ |
|
+ return ssl_cipher_list; |
|
+} |
|
+ |
|
int wsmand_options_get_digest(void) |
|
{ |
|
return use_digest; |
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h |
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h.orig 2017-10-02 12:25:06.792211418 +0200 |
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-daemon.h 2017-10-02 12:25:30.629237848 +0200 |
|
@@ -77,6 +77,7 @@ int wsmand_options_get_server_ssl_port(v |
|
char *wsmand_options_get_ssl_key_file(void); |
|
char *wsmand_options_get_ssl_cert_file(void); |
|
char *wsmand_options_get_ssl_disabled_protocols(void); |
|
+char *wsmand_options_get_ssl_cipher_list(void); |
|
int wsmand_options_get_digest(void); |
|
char *wsmand_options_get_digest_password_file(void); |
|
char *wsmand_options_get_basic_password_file(void);
|
|
|