Be stricter with TLS configuration for ntpd constraints. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2018-11-05 00:13:36 +0000
committer	jsing <jsing@openbsd.org>	2018-11-05 00:13:36 +0000
commit	9b2f2e5be2715f8325469e3377951c16e85acbc3 (patch)
tree	827e817c725fd3e8a6f5cb2f67ce703582924473 /lib/libssl/ssl_methods.c
parent	Define OPENSSL_NO_ASYNC - our libcryptosink does not have built in async (diff)
download	wireguard-openbsd-9b2f2e5be2715f8325469e3377951c16e85acbc3.tar.xz wireguard-openbsd-9b2f2e5be2715f8325469e3377951c16e85acbc3.zip

Be stricter with TLS configuration for ntpd constraints.

We already require TLSv1.2 so it does not make sense to be liberal with the cipher suites that we allow. Additionally, it is potentially dangerous to disable certificate verification when no CA data is available (which is currently an impossible case to reach). Also ensure we check the return value from tls_config_set_ca_mem() (as spotted by tb@). ok kn@ tb@

Diffstat (limited to 'lib/libssl/ssl_methods.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: