Clean up implementation for SSLOptions #5149
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This cleans up the implementation for the
SSLOptions
configuration directive:DenyCBC
on Linux and other gnutls platforms._httpTLSSetOptions()
incups/usersys.c
to prevent unsolicited overwriting of theSSLOptions
read fromcupsd.conf
.options
/tls_options
variables got changed into unsigned integers since we are using them as bit maps and not as "normal" numbers._HTTP_TLS_*
constants got shifted by one bit to accomodate the new constant_HTTP_TLS_UNCHANGED
, which means that the values changed for all of these constants. This is needed so we can distinguish between "explicitly use the default settings" and "don't change/overwrite the existing configuration"._HTTP_TLS_*
constants.AllowDH
,AllowRC4
andAllowSSL3
parameters to the manual.