From abbe1350b0abccc33cf50238b173008641f73946 Mon Sep 17 00:00:00 2001 From: jsing Date: Wed, 15 Apr 2015 16:33:49 +0000 Subject: [PATCH] Only set the cipher list if one was specified and actually check the return value from SSL_CTX_set_cipher_list(). Also remove pointless getenv() handling. ok bcook@ doug@ --- usr.bin/openssl/s_time.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/usr.bin/openssl/s_time.c b/usr.bin/openssl/s_time.c index 2e7c97dbae1..e49c741dee7 100644 --- a/usr.bin/openssl/s_time.c +++ b/usr.bin/openssl/s_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_time.c,v 1.6 2015/04/14 12:56:36 jsing Exp $ */ +/* $OpenBSD: s_time.c,v 1.7 2015/04/15 16:33:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -94,6 +94,8 @@ #define max(a,b) (((a) > (b)) ? (a) : (b)) #define SECONDS 30 +extern int verify_depth; +extern int verify_error; static void s_time_usage(void); static SSL *doConnection(SSL * scon); @@ -300,7 +302,15 @@ s_time_main(int argc, char **argv) if (s_time_config.bugs) SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); - SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher); + + if (s_time_config.cipher != NULL) { + if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) { + BIO_printf(bio_err, "error setting cipher list\n"); + ERR_print_errors(bio_err); + goto end; + } + } + if (!set_cert_stuff(tm_ctx, s_time_config.certfile, s_time_config.keyfile)) goto end; @@ -315,12 +325,7 @@ s_time_main(int argc, char **argv) ERR_print_errors(bio_err); /* goto end; */ } - if (s_time_config.cipher == NULL) - s_time_config.cipher = getenv("SSL_CIPHER"); - if (s_time_config.cipher == NULL) { - fprintf(stderr, "No CIPHER specified\n"); - } if (!(s_time_config.perform & 1)) goto next; printf("Collecting connection statistics for %d seconds\n", -- 2.20.1