Commit 6390e656 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: do not count enabled cipher-suites 

We only care if at least one cipher-suite is enabled, so it does
not make any sense to iterate till the end and count all enabled
cipher-suites.
parent 5f835fb2

lib/vtls/nss.c

+7 −7
Original line number Diff line number Diff line
@@ -275,21 +275,21 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, 
}



/*

 * Get the number of ciphers that are enabled. We use this to determine

 * Return true if at least one cipher-suite is enabled. Used to determine

 * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.

 */

static int num_enabled_ciphers(void)

static bool any_cipher_enabled(void)

{

  PRInt32 policy = 0;

  int count = 0;

  unsigned int i;



  for(i=0; i<NUM_OF_CIPHERS; i++) {

    PRInt32 policy = 0;

    SSL_CipherPolicyGet(cipherlist[i].num, &policy);

    if(policy)

      count++;

      return TRUE;

  }

  return count;



  return FALSE;

}



/*
@@ -1228,7 +1228,7 @@ static CURLcode nss_init(struct SessionHandle *data) 
  if(result)

    return result;



  if(num_enabled_ciphers() == 0)

  if(!any_cipher_enabled())

    NSS_SetDomesticPolicy();



  initialized = 1;