Fixed tls-cipher translation bug in openssl-build

author Steffan Karger <steffan.karger@fox-it.com>

Thu, 4 Apr 2013 19:53:07 +0000 (21:53 +0200)

committer Gert Doering <gert@greenie.muc.de>

Fri, 5 Apr 2013 08:47:37 +0000 (10:47 +0200)
author Steffan Karger <steffan.karger@fox-it.com>
Thu, 4 Apr 2013 19:53:07 +0000 (21:53 +0200)
committer Gert Doering <gert@greenie.muc.de>
Fri, 5 Apr 2013 08:47:37 +0000 (10:47 +0200)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c

index 1006617c3f682bca2ca02262f27ade8a46e5ad2f..79cc056e5f92197d111042f43a5997b8a5627648 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -217,8 +217,9 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
    ASSERT(NULL != ctx);
  
    // Translate IANA cipher suite names to OpenSSL names
-  for (begin_of_cipher = 0; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher+1) {
-      end_of_cipher = strcspn(&ciphers[begin_of_cipher], ":");
+  begin_of_cipher = end_of_cipher = 0;
+  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) {
+      end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
        cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
  
        if (NULL == cipher_pair)
@@ -257,6 +258,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
        openssl_ciphers_len += current_cipher_len;
        openssl_ciphers[openssl_ciphers_len] = ':';
        openssl_ciphers_len++;
+
+      end_of_cipher++;
    }
  
    if (openssl_ciphers_len > 0)
author	Steffan Karger <steffan.karger@fox-it.com>
	Thu, 4 Apr 2013 19:53:07 +0000 (21:53 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 5 Apr 2013 08:47:37 +0000 (10:47 +0200)