move ssl cipher list from compiletime to context creation time option
More flexible this way... NULL for the new member means use
the ssl library default set of ciphers, so as long as your info
struct is zerod by bss or memset, you don't need to do anything
about this change unless you want to set the cipher list.
Signed-off-by: Andy Green <andy.green@linaro.org>
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 337582d..7414fe7 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -1657,7 +1657,8 @@
#endif
lwsl_info(" SPEC_LATEST_SUPPORTED: %u\n", SPEC_LATEST_SUPPORTED);
lwsl_info(" AWAITING_TIMEOUT: %u\n", AWAITING_TIMEOUT);
- lwsl_info(" CIPHERS_LIST_STRING: '%s'\n", CIPHERS_LIST_STRING);
+ if (info->ssl_cipher_list)
+ lwsl_info(" SSL ciphers: '%s'\n", info->ssl_cipher_list);
lwsl_info(" SYSTEM_RANDOM_FILEPATH: '%s'\n", SYSTEM_RANDOM_FILEPATH);
lwsl_info(" LWS_MAX_ZLIB_CONN_BUFFER: %u\n", LWS_MAX_ZLIB_CONN_BUFFER);
@@ -1877,7 +1878,9 @@
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
- SSL_CTX_set_cipher_list(context->ssl_ctx, CIPHERS_LIST_STRING);
+ if (info->ssl_cipher_list)
+ SSL_CTX_set_cipher_list(context->ssl_ctx,
+ info->ssl_cipher_list);
#ifndef LWS_NO_CLIENT
@@ -1908,8 +1911,9 @@
#endif
SSL_CTX_set_options(context->ssl_client_ctx,
SSL_OP_CIPHER_SERVER_PREFERENCE);
- SSL_CTX_set_cipher_list(context->ssl_client_ctx,
- CIPHERS_LIST_STRING);
+ if (info->ssl_cipher_list)
+ SSL_CTX_set_cipher_list(context->ssl_client_ctx,
+ info->ssl_cipher_list);
/* openssl init for cert verification (for client sockets) */
if (!info->ssl_ca_filepath) {