From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Fri, 13 May 2016 08:54:52 +0200 Subject: [PATCH] Fix polarssl / mbedtls builds Commit 8a399cd3 hardened the OpenSSL default cipher list, but also introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. This fix is backported code from the master branch. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 Signed-off-by: Gert Doering --- src/openvpn/ssl_polarssl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 1f58369..9263698 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c @@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { char *tmp_ciphers, *tmp_ciphers_orig, *token; int i, cipher_count; - int ciphers_len = strlen (ciphers); + int ciphers_len; + + if (NULL == ciphers) + return; /* Nothing to do */ + + ciphers_len = strlen (ciphers); ASSERT (NULL != ctx); ASSERT (0 != ciphers_len); -- 2.8.1