- Fix #1259: "--disable-ecdsa" argument overwritten

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)
diff --git a/daemon/remote.c b/daemon/remote.c

index 7467c6ba5b660e3b71af9d7a41a4f31890e3d2a9..2c53d8b38a9a6d2abb1ece71fc0a04cdc06cb63f 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -260,7 +260,7 @@ daemon_remote_create(struct config_file* cfg)
                 return NULL;
         }
  #endif
-#ifdef SHA256_DIGEST_LENGTH
+#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
         /* if we have sha256, set the cipher list to have no known vulns */
         if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
                 log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");
diff --git a/doc/Changelog b/doc/Changelog

index 2cd29f2ae04a1a7bdf5f2b2907ac4c19dac4b6f3..e92d62738a1af54da1d78f1218f681be3bbd6416 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+1 May 2017: Wouter
+       - Fix #1259: "--disable-ecdsa" argument overwritten 
+         by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
+
  26 April 2017: Ralph
         - Implemented trust anchor signaling using key tag query.
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Mon, 1 May 2017 07:34:48 +0000 (07:34 +0000)
daemon/remote.c		patch \| blob \| blame \| history
doc/Changelog		patch \| blob \| blame \| history