X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_lib.c;h=d9486916f206ffd4d23208a1fec1c2708b657075;hb=8e3b2dbb31819b880886bfd275510c650ff264ea;hp=c002b0494ae8721566fbb9136d40432c65abc744;hpb=01a9792f05a2e5294c1aae8f94e96eb5651f463f;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index c002b0494a..d9486916f2 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -61,7 +61,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT;
+const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
@@ -167,3 +167,23 @@ void dtls1_clear(SSL *s)
 	ssl3_clear(s);
 	s->version=DTLS1_VERSION;
 	}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+	{
+	SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+	if (ciph != NULL)
+		{
+		if (ciph->algorithm_enc == SSL_RC4)
+			return NULL;
+		}
+
+	return ciph;
+	}