* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
- SSL_EXP_MASK, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
/*
* key exchange aliases (some of those using only a single bit here
const EVP_PKEY_ASN1_METHOD *ameth;
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
- if (ameth) {
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+ if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+ ameth) > 0) {
+ return pkey_id;
}
- return pkey_id;
+ return 0;
}
#else
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
if (ameth) {
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+ if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+ ameth) <= 0)
+ pkey_id = 0;
}
if (tmpeng)
ENGINE_finish(tmpeng);
cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
cp->algo_strength);
#endif
- if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
- goto ok;
- if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
- goto ok;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
if (alg_auth && !(alg_auth & cp->algorithm_auth))
if ((algo_strength & SSL_STRONG_MASK)
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
+ if ((algo_strength & SSL_NOT_DEFAULT)
+ && !(cp->algo_strength & SSL_NOT_DEFAULT))
+ continue;
}
- ok:
-
#ifdef CIPHER_DEBUG
fprintf(stderr, "Action = %d\n", rule);
#endif
ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
+ if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
+ algo_strength |= SSL_NOT_DEFAULT;
+ }
+
if (ca_list[j]->valid) {
/*
* explicit ciphersuite found; its protocol version does not
projects / openssl.git / blobdiff