support series of words in cipher_list

2025-10-01 01:07:51 -04:00 · 2009-10-17 00:17:40 +00:00 · 2009-10-17 00:17:40 +00:00 · 54ab266373
commit 54ab266373
parent fdc8de25f8
2 changed files with 33 additions and 1 deletions
--- a/panda/src/downloader/httpChannel.cxx
+++ b/panda/src/downloader/httpChannel.cxx
@ -95,6 +95,7 @@ HTTPChannel(HTTPClient *client) :
  _body_stream = NULL;
  _owns_body_stream = false;
  _sbio = NULL;
+  _cipher_list = _client->get_cipher_list();
  _last_status_code = 0;
  _last_run_time = 0.0f;
  _download_to_ramfile = NULL;
@ -1477,7 +1478,17 @@ run_setup_ssl() {
  SSL *ssl = NULL;
  BIO_get_ssl(_sbio, &ssl);
  nassertr(ssl != (SSL *)NULL, false);
-  string cipher_list = _client->get_cipher_list();
+
+  // We only take one word at a time from the _cipher_list.  If that
+  // connection fails, then we take the next word.
+  string cipher_list = _cipher_list;
+  if (!cipher_list.empty()) {
+    size_t space = cipher_list.find(" ");
+    if (space != string::npos) {
+      cipher_list = cipher_list.substr(0, space);
+    }
+  }
+
  if (downloader_cat.is_debug()) {
    downloader_cat.debug()
      << "Setting ssl-cipher-list '" << cipher_list << "'\n";
@ -1566,6 +1577,26 @@ run_ssl_handshake() {

    // It seems to be an error to free sbio at this point; perhaps
    // it's already been freed?
+
+    if (!_cipher_list.empty()) {
+      // If we've got another cipher to try, do so.
+      size_t space = _cipher_list.find(" ");
+      if (space != string::npos) {
+        while (space < _cipher_list.length() && _cipher_list[space] == ' ') {
+          ++space;
+        }
+        _cipher_list = _cipher_list.substr(space);
+        if (!_cipher_list.empty()) {
+          close_connection();
+          reconsider_proxy();
+          _state = S_connecting;
+          return false;
+        }
+      }
+    }
+
+    // All done trying ciphers; they all failed.
+    _cipher_list = _client->get_cipher_list();
    _status_entry._status_code = SC_ssl_no_handshake;
    _state = S_failure;
    return false;
--- a/panda/src/downloader/httpChannel.h
+++ b/panda/src/downloader/httpChannel.h
@ -423,6 +423,7 @@ private:
  ISocketStream *_body_stream;
  bool _owns_body_stream;
  BIO *_sbio;
+  string _cipher_list;
  pvector<URLSpec> _redirect_trail;
  int _last_status_code;
  double _last_run_time;