=head1 NOTES
-The control string B<str> for SSL_CTX_set_cipher_list() and
-SSL_set_cipher_list() should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
+The control string B<str> for SSL_CTX_set_cipher_list(), SSL_set_cipher_list(),
+SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() should be universally
+usable and not depend on details of the library configuration (ciphers compiled
+in). Thus no syntax checking takes place. Items that are not recognized, because
+the corresponding ciphers are not compiled in or because they are mistyped,
are simply ignored. Failure is only flagged if no ciphers could be collected
at all.
if (cipher == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
return 0;
+ /* Ciphersuite not found but return 1 to parse rest of the list */
+ return 1;
}
if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
/* Parse the list. We explicitly allow an empty list */
if (*str != '\0'
- && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+ && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0
+ || sk_SSL_CIPHER_num(newciphers) == 0 )) {
sk_SSL_CIPHER_free(newciphers);
return 0;
}