diff options
| author | Raymond Tau <raymondtau@gmail.com> | 2015-12-09 09:06:13 +0300 |
|---|---|---|
| committer | Raymond Tau <raymondtau@gmail.com> | 2015-12-09 09:06:13 +0300 |
| commit | 311ab9efaba485225c05b65437d0d1f5d685ef5f (patch) | |
| tree | 83f33f2e44c91883e599b128b60ea310a3652496 /src | |
| parent | 04b72873c79375fc9845e03f1d575d4891ea723f (diff) | |
Correctly save and apply the DisableSslVersions config
Diffstat (limited to 'src')
| -rw-r--r-- | src/Cedar/Server.c | 46 |
1 files changed, 40 insertions, 6 deletions
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index 23c08593..8081d2bc 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -6167,23 +6167,24 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f) UINT i;
for (i = 0;i < sslVersions->NumTokens;i++)
{
- if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2)) {
+ char *sslVersion=sslVersions->Token[i];
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V2)==0) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3)) {
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V3)==0) {
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0)) {
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_0)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1)) {
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_1)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2)) {
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_2)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
continue;
}
@@ -6500,7 +6501,40 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s) CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
- CfgAddStr(f, "DisableSslVersions", c->DisableSslVersions);
+ {
+ char tmp[MAX_SIZE];
+ tmp[0] = 0;
+ if (c->DisableSslVersions & SSL_VERSION_SSL_V2) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V2);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_SSL_V3) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V3);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_0);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_1);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_2);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (StrLen(tmp) >= 1)
+ {
+ if (tmp[StrLen(tmp) - 1] == ',')
+ {
+ tmp[StrLen(tmp) - 1] = 0;
+ }
+ }
+ CfgAddStr(f, "DisableSslVersions", tmp);
+ }
+
+
// Disable session reconnect
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
|