From: Timo Sirainen
Date: Tue, 17 Dec 2024 13:09:26 +0000 (+0200)
Subject: lib-ssl-iostream: Allow empty ssl_cipher_list and ssl_min_protocol
X-Git-Tag: 2.4.0~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11f48247a50ad15a1c20d2bebe1c7d5a49a80a32;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Allow empty ssl_cipher_list and ssl_min_protocol
If empty, the OpenSSL defaults are used.
---
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 0cf10ce570..aef934c188 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -644,7 +644,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 ctx->verify_remote_cert = set->verify_remote_cert;
 ctx->allow_invalid_cert = set->allow_invalid_cert;
- if (set->cipher_list != NULL &&
+ if (set->cipher_list != NULL && set->cipher_list[0] != '\0' &&
 SSL_CTX_set_cipher_list(ctx->ssl_ctx, set->cipher_list) == 0) {
 *error_r = t_strdup_printf(
 "Can't set cipher list to '%s' (ssl_cipher_list setting): %s",
@@ -669,7 +669,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
- if (set->min_protocol != NULL) {
+ if (set->min_protocol != NULL && set->min_protocol[0] != '\0') {
 long opts;
 int min_protocol;
 if (openssl_min_protocol_to_options(set->min_protocol,
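Review bot: The new empty-string guards in both hunks (`set->cipher_list[0] != '\0'` in the first, `set->min_protocol[0] != '\0'` in the second) make the fallback silent, so the effective cipher set and protocol floor then come from the linked OpenSSL build and its configuration rather than from Dovecot's settings. That is stated only in the commit message; I would add a comment above each check, for example `/* empty = leave OpenSSL's default in place; the effective floor depends on the OpenSSL build/config */`. Before this change an empty value was passed on to `SSL_CTX_set_cipher_list()` and `openssl_min_protocol_to_options()` and was subject to their error paths, so a value emptied by accident (say, an unset template variable) presumably surfaced as a configuration error and now does not. Consider emitting a debug-level log line when either fallback is taken, so an operator can see that the library default is in effect. The body of the `min_protocol` block and the rest of `ssl_iostream_context_set` lie outside the hunks, so it is worth confirming that nothing later assumes these options were applied.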