X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Fconf.c;h=9c2c912f1d126ee2282653c7ad85d9b2e9f1f91c;hb=cccd8fc957e893e250324b65146df8fca4680f11;hp=b10f4905c9ec7befb08b5b5717cc6397cc48bea9;hpb=2bacb8210b4f0807eb50587bcc4329c7ea7a50c3;p=ngircd-alex.git
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index b10f4905..9c2c912f 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -93,6 +93,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server ));
 #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
 #endif
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS "SECURE128"
+#endif
 #ifdef SSL_SUPPORT
@@ -117,6 +123,9 @@ ConfSSL_Init(void)
 array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 array_free(&Conf_SSLOptions.ListenPorts);
+
+ free(Conf_SSLOptions.CipherList);
+ Conf_SSLOptions.CipherList = NULL;
 }
 /**
@@ -432,6 +441,8 @@ Conf_Test( void )
 puts("[SSL]");
 printf(" CertFile = %s\n", Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile : "");
+ printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ?
+ Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
 printf(" DHFile = %s\n", Conf_SSLOptions.DHFile ? Conf_SSLOptions.DHFile : "");
 printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile
@@ -1027,6 +1038,10 @@ Read_Config(bool TestOnly, bool IsStarting)
 CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
 CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
 CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+ /* Set the default ciphers if none were configured */
+ if (!Conf_SSLOptions.CipherList)
+ Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
 #endif
 return true;
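Review bot: The two `DEFAULT_CIPHERS` definitions in the first hunk sit in independent `#ifdef` blocks, so a build that defines both `HAVE_LIBSSL` and `HAVE_LIBGNUTLS` redefines the macro with a different value, and the later uses depend on `SSL_SUPPORT` never being set without one of them. Making the second block `#elif defined(HAVE_LIBGNUTLS)` under the first would make the choice explicit. The macros also deserve a comment such as `/* Default cipher/priority string, used when [SSL] CipherList is not set */`, noting that the OpenSSL string only excludes anonymous suites and that what `HIGH` covers depends on the linked OpenSSL version.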
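Review bot: The result of `strdup_warn(DEFAULT_CIPHERS)` in the Read_Config hunk is not checked, so if the helper returns NULL on allocation failure (its definition is outside this diff) `CipherList` stays NULL and the function still returns true. The code that consumes `CipherList` is not visible here; it would then either receive a NULL pointer or fall back to the TLS library's own defaults, which may be broader than the intended restriction. Consider failing the load with `if (!Conf_SSLOptions.CipherList) return false;` after the assignment, or confirm that the consumer treats NULL as an error. Read_Config begins outside this hunk.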
@@ -1869,6 +1884,11 @@ Handle_SSL(const char *File, int Line, char *Var, char *Arg)
 ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg);
 return;
 }
+ if (strcasecmp(Var, "CipherList") == 0) {
+ assert(Conf_SSLOptions.CipherList == NULL);
+ Conf_SSLOptions.CipherList = strdup_warn(Arg);
+ return;
+ }
 Config_Error_Section(File, Line, Var, "SSL");
 }
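Review bot: `assert(Conf_SSLOptions.CipherList == NULL);` turns a configuration mistake into a process abort: a second `CipherList` line in the `[SSL]` section trips it in builds with assertions enabled, and with `NDEBUG` the first string is leaked instead. Config file content is input, not an invariant, so the branch should release the old value rather than assert, i.e. `free(Conf_SSLOptions.CipherList);` before `Conf_SSLOptions.CipherList = strdup_warn(Arg);`. An empty `Arg` also appears to store a non-NULL empty string, which would bypass the default set in Read_Config; rejecting it here via `Config_Error` handling, or treating it as unset, would avoid passing an empty cipher list to the TLS library. Handle_SSL begins outside this hunk.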