lib-ssl-iostream: Change ssl_prefer_server_ciphers boolean to ssl_prefer_ciphers...

diff --git a/src/lib-ssl-iostream/ssl-settings.c b/src/lib-ssl-iostream/ssl-settings.c
index fd7b39fee518557e4b1ef1fdd74ae72f0aaaa0d1..1846e857c2a840e23f8f821ab7766baf1a6fc1ab 100644 (file)
--- a/src/lib-ssl-iostream/ssl-settings.c
+++ b/src/lib-ssl-iostream/ssl-settings.c
@@ -83,9 +83,9 @@ static const struct setting_define ssl_server_setting_defines[] = {
        DEF(STR, ssl_key_password),
        DEF(FILE, ssl_dh_file),
        DEF(STR, ssl_cert_username_field),
+       DEF(ENUM, ssl_prefer_ciphers),
 
        DEF(BOOL, ssl_require_crl),
-       DEF(BOOL, ssl_prefer_server_ciphers),
        DEF(BOOL, ssl_request_client_cert),
 
        SETTING_DEFINE_LIST_END
@@ -101,9 +101,9 @@ static const struct ssl_server_settings ssl_server_default_settings = {
        .ssl_key_password = "",
        .ssl_dh_file = "",
        .ssl_cert_username_field = "commonName",
+       .ssl_prefer_ciphers = "client:server",
 
        .ssl_require_crl = TRUE,
-       .ssl_prefer_server_ciphers = FALSE,
        .ssl_request_client_cert = FALSE,
 };
 
@@ -272,7 +272,8 @@ void ssl_server_settings_to_iostream_set(
        settings_file_get(ssl_server_set->ssl_dh_file, set->pool, &set->dh);
        set->cert_username_field =
                ssl_server_set->ssl_cert_username_field;
-       set->prefer_server_ciphers = ssl_server_set->ssl_prefer_server_ciphers;
+       set->prefer_server_ciphers =
+               strcmp(ssl_server_set->ssl_prefer_ciphers, "server") == 0;
        set->verify_remote_cert = ssl_server_set->ssl_request_client_cert;
        set->allow_invalid_cert = !set->verify_remote_cert;
        /* ssl_require_crl is used only for checking client-provided SSL

diff --git a/src/lib-ssl-iostream/ssl-settings.h b/src/lib-ssl-iostream/ssl-settings.h
index be54a94f8563cf525462d81796c8acf6eed37255..19106cf77035ef59e53b9a554fbecc97b4c42990 100644 (file)
--- a/src/lib-ssl-iostream/ssl-settings.h
+++ b/src/lib-ssl-iostream/ssl-settings.h
@@ -40,9 +40,9 @@ struct ssl_server_settings {
        const char *ssl_key_password;
        const char *ssl_dh_file;
        const char *ssl_cert_username_field;
+       const char *ssl_prefer_ciphers;
 
        bool ssl_require_crl;
-       bool ssl_prefer_server_ciphers;
        bool ssl_request_client_cert;
 };