Allowlist SSL_CTX_set_cipher_list for NGX_DEFAULT_CIPHERS

rustls · Apr 9, 2024 · 1297a9c · 1297a9c
1 parent fcf69a5
commit 1297a9c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/rustls-libssl/MATRIX.md b/rustls-libssl/MATRIX.md
@@ -138,7 +138,7 @@
 | `SSL_CTX_set_cert_cb`  |  | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_cert_store`  |  |  |  |
 | `SSL_CTX_set_cert_verify_callback`  |  |  |  |
-| `SSL_CTX_set_cipher_list`  | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] |
+| `SSL_CTX_set_cipher_list`  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_ciphersuites`  | :white_check_mark: |  | :exclamation: [^stub] |
 | `SSL_CTX_set_client_CA_list`  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_CTX_set_client_cert_cb`  |  |  |  |

diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
@@ -734,6 +734,19 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_CTX_set_cipher_list(_ctx: *mut SSL_CTX, s: *const c_char) -> c_int {
+        let s = try_str!(s);
+
+        match s {
+            "HIGH:!aNULL:!MD5" => C_INT_SUCCESS,
+            _ => Error::not_supported("SSL_CTX_set_cipher_list")
+                .raise()
+                .into(),
+        }
+    }
+}
+
 impl Castable for SSL_CTX {
     type Ownership = OwnershipArc;
     type RustType = Mutex<SSL_CTX>;
@@ -1852,10 +1865,6 @@ entry_stub! {
     pub fn _i2d_SSL_SESSION(_in: *const SSL_SESSION, _pp: *mut *mut c_uchar) -> c_int;
 }
 
-entry_stub! {
-    pub fn _SSL_CTX_set_cipher_list(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
-}
-
 entry_stub! {
     pub fn _SSL_CTX_set_ciphersuites(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
 }