Upgrade a couple of URLs to https://

[privoxy.git] / openssl.c

diff --git a/openssl.c b/openssl.c
index 37b8069..72d97d9 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -735,7 +735,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
    /* Paths to certificates file and key file */
    char *key_file  = NULL;
-   char *ca_file   = NULL;
    char *cert_file = NULL;
    int ret = 0;
    SSL *ssl;
@@ -759,7 +758,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    /*
     * Preparing paths to certificates files and key file
     */
-   ca_file   = csp->config->ca_cert_file;
    cert_file = make_certs_path(csp->config->certificate_directory,
       (const char *)csp->http->hash_of_host_hex, CERT_FILE_TYPE);
    key_file  = make_certs_path(csp->config->certificate_directory,
@@ -837,6 +835,18 @@ extern int create_client_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
+   if (csp->config->cipher_list != NULL)
+   {
+      if (!SSL_set_cipher_list(ssl, csp->config->cipher_list))
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "Setting the cipher list '%s' for the client connection failed",
+            csp->config->cipher_list);
+         ret = -1;
+         goto exit;
+      }
+   }
+
    /*
     *  Handshake with client
     */
@@ -1061,6 +1071,18 @@ extern int create_server_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
+   if (csp->config->cipher_list != NULL)
+   {
+      if (!SSL_set_cipher_list(ssl, csp->config->cipher_list))
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "Setting the cipher list '%s' for the server connection failed",
+            csp->config->cipher_list);
+         ret = -1;
+         goto exit;
+      }
+   }
+
    /*
     * Set the hostname to check against the received server certificate
     */