Commit 7380433d authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: do not directly access SSL_ImplementedCiphers[] 

It causes dynamic linking issues at run-time after an update of NSS.

Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
parent a60bde79

lib/vtls/nss.c

+9 −3
Original line number Diff line number Diff line
@@ -211,12 +211,18 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, 
  PRBool found;

  char *cipher;



  /* use accessors to avoid dynamic linking issues after an update of NSS */

  const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();

  const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();

  if(!implemented_ciphers)

    return SECFailure;



  /* First disable all ciphers. This uses a different max value in case

   * NSS adds more ciphers later we don't want them available by

   * accident

   */

  for(i=0; i<SSL_NumImplementedCiphers; i++) {

    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);

  for(i = 0; i < num_implemented_ciphers; i++) {

    SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);

  }



  /* Set every entry in our list to false */