From 54ab266373e1e23d5ebb69d07af377817efb154f Mon Sep 17 00:00:00 2001 From: David Rose Date: Sat, 17 Oct 2009 00:17:40 +0000 Subject: [PATCH] support series of words in cipher_list --- panda/src/downloader/httpChannel.cxx | 33 +++++++++++++++++++++++++++- panda/src/downloader/httpChannel.h | 1 + 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/panda/src/downloader/httpChannel.cxx b/panda/src/downloader/httpChannel.cxx index fad4f5dbf0..67cd2a9060 100644 --- a/panda/src/downloader/httpChannel.cxx +++ b/panda/src/downloader/httpChannel.cxx @@ -95,6 +95,7 @@ HTTPChannel(HTTPClient *client) : _body_stream = NULL; _owns_body_stream = false; _sbio = NULL; + _cipher_list = _client->get_cipher_list(); _last_status_code = 0; _last_run_time = 0.0f; _download_to_ramfile = NULL; @@ -1477,7 +1478,17 @@ run_setup_ssl() { SSL *ssl = NULL; BIO_get_ssl(_sbio, &ssl); nassertr(ssl != (SSL *)NULL, false); - string cipher_list = _client->get_cipher_list(); + + // We only take one word at a time from the _cipher_list. If that + // connection fails, then we take the next word. + string cipher_list = _cipher_list; + if (!cipher_list.empty()) { + size_t space = cipher_list.find(" "); + if (space != string::npos) { + cipher_list = cipher_list.substr(0, space); + } + } + if (downloader_cat.is_debug()) { downloader_cat.debug() << "Setting ssl-cipher-list '" << cipher_list << "'\n"; @@ -1566,6 +1577,26 @@ run_ssl_handshake() { // It seems to be an error to free sbio at this point; perhaps // it's already been freed? + + if (!_cipher_list.empty()) { + // If we've got another cipher to try, do so. + size_t space = _cipher_list.find(" "); + if (space != string::npos) { + while (space < _cipher_list.length() && _cipher_list[space] == ' ') { + ++space; + } + _cipher_list = _cipher_list.substr(space); + if (!_cipher_list.empty()) { + close_connection(); + reconsider_proxy(); + _state = S_connecting; + return false; + } + } + } + + // All done trying ciphers; they all failed. + _cipher_list = _client->get_cipher_list(); _status_entry._status_code = SC_ssl_no_handshake; _state = S_failure; return false; diff --git a/panda/src/downloader/httpChannel.h b/panda/src/downloader/httpChannel.h index 689f8856ea..f1d16f1c19 100644 --- a/panda/src/downloader/httpChannel.h +++ b/panda/src/downloader/httpChannel.h @@ -423,6 +423,7 @@ private: ISocketStream *_body_stream; bool _owns_body_stream; BIO *_sbio; + string _cipher_list; pvector _redirect_trail; int _last_status_code; double _last_run_time;