mbedtls: don't print unsupported ciphers in insecure cipher list
authorSteffan Karger <steffan.karger@fox-it.com>
Thu, 11 Oct 2018 07:20:00 +0000 (09:20 +0200)
committerGert Doering <gert@greenie.muc.de>
Thu, 11 Oct 2018 07:33:35 +0000 (09:33 +0200)
Commit 447997dd refactored the --show-ciphers code, but introduced a bug
in mbedtls builds where non-AEAD/CBC ciphers were printed too.  Those are
however unsupported (as openvpn will tell you when you try to use them).

This fixes that bug.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1539242400-27614-1-git-send-email-steffan.karger@fox-it.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/36438012/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/crypto_mbedtls.c

index 46c3c606d33344faffe926691f69342d3c647017..77e84c3c37615800222e8611e6427cf5eac0b641 100644 (file)
@@ -170,7 +170,8 @@ show_available_ciphers(void)
     while (*ciphers != 0)
     {
         const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
-        if (info && cipher_kt_insecure(info))
+        if (info && cipher_kt_insecure(info)
+            && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)))
         {
             print_cipher(info);
         }
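Review bot: The mode test added to the `if` in the insecure-cipher loop carries no comment saying why only AEAD and CBC entries are listed. It presumably has to agree with the check that rejects other modes when a cipher is actually selected, though that code is not visible in this hunk. I would add `/* Only AEAD and CBC modes are usable; keep in sync with the cipher-selection check so the list never advertises a cipher that will be rejected. */` above the `if`. If the secure-cipher loop elsewhere in show_available_ciphers() uses the same condition, a small static helper wrapping `cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)` would keep the two lists from drifting apart. The function body starts and ends outside the hunk.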